Virus warning

It would seem that the FBI is warning users about the CryptoLocker ransomware in the USA.


It appears to be a really malicious one. When this malware infects your computer it encrypts your files and demands a ransom for them to be decrypted. The message demanding the ransom often states the user has visited an illegal site or done something wrong in order to be that much more convincing.


I have had a virus try to infect me recently, one that steals usernames and passwords and then goes phishing into e-mail, other sites such as LinkedIn and online bank accounts. Keep an eye out for them and delete anything looking even slightly suspicious. There appears to be an awful lot about at present.

It's my understanding that this newest ransomware is contained in an email with a link or attachment that must be opened. If you do not know who an email is from do not click any links in it or download any attachments, ever. That's a good rule of thumb anytime.

Or Indian if they are calling to say they are from a technical department.

Apparently they have set up a "Customer Service" page where they explain how to pay using Bitcoin or UKcash (?) and then how to use the key they send you to decrypt your files.

I've applied a utility from Foolish IT that is supposed to prevent Cryptolocker affecting files. Available from here in both free and paid-for versions: http://www.foolishit.com/vb6-projects/cryptoprevent/

No, I think you're safe. From how you describe it the guy didn't get as far as doing anything. They could call just about anyone and say there were problems with their Windows PC, and be sure that there was such a PC in the house. He wouldn't even need to connect to anything at that point, pretty much all Windows event logs have errors. That's why I like to say I don't have a Windows PC. :-)

Now you say Ian, it was the event log. I won’t hold you to it, but you’d say it was safe for my wife to use her laptop, or shall I get a friend, who is good with computers, to give it the once over?
Thanks for your help.
Best wishes
Glyn

Glyn, it sounds like the normal scam. See here:

http://www.scamwatch.gov.au/content/index.phtml/itemId/989316

He must have got you to look at the Windows event log. It sounds to me very much like there was no remote access, so there will be no problem with the laptop.

Thanks for the response.

1. He asked me to press the alt and another key at the same time. After that click on a word from a list that appeared on the screen. There was then a long list which he said were the trojans/viruses. He said the windows team would remove them. There would be no cost. As soon as he said there were so many there would be a minimal fee I put the phone down.

2. Another question, this all happened to my wife's laptop which has been switched off ever since. Should we have it looked at? Will the person have been able to get into my desktop?

Regards

Glyn

Do you remember exactly what he asked you to do?

The iPad is a separate entity. I don't believe it could have been compromised.

This happened a week last Saturday. Like an idiot I was convinced it was from Microsoft/Windows and pressed a couple of keys on my wife's laptop as instructed. I can't remember which. He said 'look you have lots of virus. Windows will cure it for you.' I kept asking I don't pay and was told no. In the end he said you have so many virus there will be a fee. I put the phone down, disconnected the computer and haven't used it since.

Should I get someone to look at the hard drive? Will it have infected other computers in the house?

If my wife looks at her bank details on iPad, can someone get in that way?

Glyn

I'm more and more tempted by online backup like Carbonite. It is possible to encrypt everything before sending it, if you don't want the NSA to see.

Exactly Ian. CryptoLocker is now up and running in Europe where people are opening files from the USA.

Quite right on the backups. I do mine when I am offline, keep my external HD disconnected except when I am backing up and sadly have to (indirectly) trust nobody including people and organisations I work with/for. I have had some pretty nasty malware arrive attached to mails that appear to be from people I know that are probably actually phished addresses that are being used for that purpose.

Yes, I keep getting these. Someone who says they are calling about my Windows PC. I say I don't have one. They are confused. Eventually they hang up.

If anyone calls you like this, and it's not a service you know about and have paid for, either hang up or waste their time creatively as you wish, but give them no information.

Cryptolocker is indeed a nasty piece of work, and while for now it is mainly targeting people in the US we can be assured that in future this kind of thing will only get worse.

It's hidden in a PDF file, and when you open the file it copies itself to your hard disk and puts itself in the Windows startup. Then it phones home to get a pair of encryption keys, and it starts looking for files to encrypt. It doesn't encrypt everything, but it does essentially all your useful files - documents, spreadsheets, images etc etc. It then encrypts all such files that it finds, and where it gets really nasty is that it also looks for any files on attached disks and network drives. So if you have copies on a backup disk that's attached to your computer it will find them too.

Once encryption is done, it asks you for the money. $500 or so. If you pay, they give you the key to decrypt. If not, your only option is to restore the files from backup, assuming you have one.

They give you something like three days to reply, and after that they now offer a "service" where you can pay substantially more, but without a time limit.

Nasty stuff. Essentially if you have no backup you are totally stuffed. And they are making HUGE amounts of money with this.
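A defensive check that follows from the description above, as an added example that is not part of the original post: before refreshing a backup, confirm that documents and images still start with the header bytes their type requires, since encrypted files do not. The function names, the 10% threshold and the sample files are assumptions made for this illustration, and it assumes files keep their original extensions.

```python
import os
import tempfile

# Header bytes an intact file of each type starts with (well-known signatures).
MAGIC = {
    ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
}

def header_ok(path):
    """True/False for a known file type, None when the extension is not in MAGIC."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(magic)) == magic

def scan(root):
    """Walk root; return (number of files checked, sorted list of damaged paths)."""
    checked, damaged = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ok = header_ok(os.path.join(dirpath, name))
            if ok is None:
                continue
            checked += 1
            if not ok:
                damaged.append(os.path.join(dirpath, name))
    return checked, sorted(damaged)

def safe_to_back_up(root, max_damaged_ratio=0.1):
    """Hypothetical policy: refuse to overwrite a backup if >10% of files look wrong."""
    checked, damaged = scan(root)
    return checked == 0 or len(damaged) / checked <= max_damaged_ratio

def build_sample(root):
    """Constructed sample data: two intact files, one text file, one scrambled file."""
    samples = {
        "report.pdf": b"%PDF-1.4 constructed sample",
        "photo.jpg": b"\xff\xd8\xff\xe0 constructed sample",
        "notes.txt": b"plain text, type not checked",
        "budget.xlsx": b"\x9e\x13\x7a\xc4" * 8,  # stands in for encrypted content
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp), safe_to_back_up(tmp))
```

Run it against the folder you are about to copy while the backup disk is still unplugged, and only connect the disk if the check passes.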

... or sound Indian. I have tried my few (about six) words of Hindi and had them hang up immediately. I often tell them we are tenants and that they should talk to the owner which puts them off. If it is at the same time as post arrives, my dogs are making a heck of a noise barking and growling that they hear and hang up - but I am not sure how anybody else could arrange that ;-) I have also said that I am a police officer who would prefer to be called back at the station where I am based. Whatever we all try they are all using auto-dialling and will call back anyway. The difference is that viruses sneak in unnoticed, particularly the more sophisticated they are becoming.

Also avoid all ID hidden phone calls around lunchtime and early evening, especially on "trading opportunities" and "computer security" issues. If I happen to answer by mistake I just speak in very loud English and say I can't understand French. Many callers sound African.

Thanks for the warning Brian, I've not had anything like that one before but I have had false CAF e-mails asking for details that the real CAF wouldn't. You just need to be really careful.

Thanks for the warning Brian. The Christmas period is always a busy time for the scammers and phishers as people are less vigilant and do a lot of online shopping. I had a phone call yesterday from someone who asked to speak to the computer user in the house. Then proceeded to tell me my computer was showing an error and he could fix it for me. If you get such a call ring off immediately as they want to take over your computer remotely and look for bank details and passwords.

I don't know why my response keeps coming up blank but you obviously got it Brian. Only a joke! Library card? helluva long way to go to return a book. Get fined very often?:-)

No Vic, hahaha, one of my perks like keeping my library card and an e-mail address as an alumnus. Place may be a hive of snobbery but it is generous to those who give it long years of service. Also, it means I don't pay for something, which is good, but also it is not the same as the McAfee, Kaspersky, Norton and so on, which is my point and not some stuck up brag!