Thursday, June 19, 2008
The lost war in progress…
A lot has been said about the war with hackers, virus writers, spammers and the like. It is a war in continuous mode: it has had some start dates, but with a high degree of certainty it will have no end date as long as we use computers connected to networks.
Unfortunately, we still take a reactive approach to spyware and virus problems, even though there have been numerous advances in anti-virus and anti-spyware technology for dealing with the sophisticated techniques used to do damage on your desktop or server.
I have recently updated my free AVG anti-virus program to the latest version, 8.0. I don't have a lot of disk space (probably around 400GB in total), but the program took about 15 hrs to scan through my files. I was amazed at the number of infected files, registry entries, cookies, etc. it discovered. It would not have surprised me if I had not used AVG or any other anti-spyware or anti-virus program before, but after upgrading to the latest version, which includes all available protection (even for web links), I was surprised by the number of discovered vulnerabilities (keyloggers, Trojans) and by how greatly the level of detection had improved in the new version. Of course, all the sophistication of the software comes at the price of being very slow. I agree that 15 hrs of scanning and slowing the processor down to 50% of its capacity is not the best feature of any anti-virus software.
With hundreds of new viruses and spyware programs being created and released on the net, the virus databases are swelling. It takes more and more time to compare each file on your system against thousands of known and possible infections. It is like wearing heavy armor that gets heavier every hour, slowing you down in your quest to fight an army of virus writers.
Recent news about malware that uses strong 1024-bit RSA encryption, which cannot be broken in practice, to lock up your desktop files is proof that the war in progress is being lost. Look how shameless the enemy is. Encrypting your data files under a 1024-bit key and then selling you the private key needed to decrypt them is not something to be taken lightly (http://blogs.zdnet.com/security/?p=1251). Note that the public key carried inside the malware is all it needs to do the encrypting; the matching private key never leaves the attacker, so nothing left on the infected machine can undo it.
Imagine you have reports or financial spreadsheet files and suddenly realize that you cannot open them. Instead of the files opening on the screen, you get a popup message with an e-mail address to which you must send money to buy the decryption software. No, you cannot find out who the perpetrators are; believe me, they are as smart at hiding their identities as they are at writing the software. What would you do?
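To make the asymmetry in that scheme concrete, here is an added example (my own code, not from the post, the ZDNet article or any malware sample) of the standard hybrid construction such ransomware relies on: a public key shipped with the malware wraps a fresh per-file key (RSA-KEM), the file is encrypted under that key, and only the holder of the private key can unwrap it. The RSA keys here are deliberately tiny so that the only other route, factoring the modulus, actually runs; `rsa_keygen`, `extort_encrypt` and the other names are hypothetical, and the HMAC-based keystream stands in for whatever cipher a real sample uses.

```python
# Added example (not the post's or any sample's code): RSA-KEM wraps a per-file
# key, an HMAC-SHA256 keystream encrypts the file. Toy key sizes so factoring runs.
import hashlib
import hmac
import math
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random prime with the top bit set, so p*q has the intended size."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def rsa_keygen(modulus_bits):
    """Return ((n, e), (n, d)): the attacker ships (n, e) and keeps (n, d)."""
    e = 65537
    while True:
        p, q = random_prime(modulus_bits // 2), random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _kdf(r, n):  # file key = SHA-256 of the KEM secret r
    return hashlib.sha256(r.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

def kem_encapsulate(pub):
    """RSA-KEM: random r < n, key = KDF(r), wrapped value = r^e mod n."""
    n, e = pub
    r = secrets.randbelow(n - 2) + 2
    return _kdf(r, n), pow(r, e, n)

def kem_decapsulate(priv, wrapped):
    n, d = priv
    return _kdf(pow(wrapped, d, n), n)

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stand-in stream cipher (unauthenticated)."""
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def stream_xor(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def extort_encrypt(attacker_pub, plaintext):
    """With only the public key the malware encrypts the file and drops the wrapped
    key beside it; nothing left on the victim's disk can reverse this."""
    file_key, wrapped = kem_encapsulate(attacker_pub)
    nonce = secrets.token_bytes(16)
    return wrapped, nonce + stream_xor(file_key, nonce, plaintext)

def recover_with_private_key(attacker_priv, wrapped, blob):
    """What the victim is asked to pay for: the private key unwraps the file key."""
    return stream_xor(kem_decapsulate(attacker_priv, wrapped), blob[:16], blob[16:])

def pollard_rho(n):
    """Pollard's rho: a factor of odd composite n in ~sqrt(p) steps (toy sizes only)."""
    while True:
        c, x = secrets.randbelow(n - 1) + 1, secrets.randbelow(n)
        y, d = x, 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d

def recover_by_factoring(attacker_pub, wrapped, blob):
    """The only route without paying: factor n, rebuild d, then decrypt."""
    n, e = attacker_pub
    p = pollard_rho(n)
    d = pow(e, -1, (p - 1) * (n // p - 1))
    return recover_with_private_key((n, d), wrapped, blob)
```

With `rsa_keygen(64)` the call `recover_by_factoring` returns in well under a second; the same call against a 1024-bit modulus is the "cannot be broken" part of the story, which is exactly why the private key is worth money to the attacker.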
Some folks mentioned that a good backup is the protection against this threat. Others properly argued that you usually never check whether you can open EVERY file after a backup has run, which means that on the next day's run you can overwrite the good copies with the encrypted files if you back up onto large-capacity hard drives or tapes that get reused. The reliable way to preserve the originals is a copy the infected machine cannot overwrite: burn them to CD/DVD and keep the discs day after day, or at least keep versioned backups and verify that the files in them still open before the previous set is recycled.
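One way to act on that argument before a backup job recycles the previous set, as an added example that is not from the post: hash every file, compare with the manifest saved by the last run, and refuse to rotate when a file has changed into something that looks like random bytes. The entropy test is only a heuristic (compressed archives and images are high-entropy too), so it is applied only to files that actually changed. All names (`check_backup_set`, the sample CSV, the 7.5 bits/byte threshold) are my choices for the example, and the sample files are constructed inline.

```python
# Added example (not from the post): pre-rotation check for a backup set.
# Before a job overwrites yesterday's copy, files are hashed and compared with the
# previous manifest; files that changed AND now look like random bytes are flagged,
# since a ransomware-encrypted spreadsheet looks exactly like that.
import hashlib
import json
import math
import os
import tempfile

def shannon_entropy(data):
    """Bits of entropy per byte: ~4-5 for text/CSV, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(data, threshold=7.5, min_size=512):
    """Heuristic only (zip/jpg/docx are high-entropy too), hence combined with
    'changed since last run' rather than used on its own. Threshold is my choice."""
    return len(data) >= min_size and shannon_entropy(data) >= threshold

def build_manifest(root):
    """Relative path -> sha256 of content for everything under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                manifest[os.path.relpath(path, root)] = hashlib.sha256(f.read()).hexdigest()
    return manifest

def check_backup_set(root, previous_manifest):
    """Return (ok_to_rotate, report). Rotation is refused if any file changed into
    something that looks encrypted, or if a previously backed-up file vanished."""
    current = build_manifest(root)
    report = {"changed": [], "suspicious": [], "missing": []}
    for rel, old_hash in sorted(previous_manifest.items()):
        if rel not in current:
            report["missing"].append(rel)
            continue
        if current[rel] != old_hash:
            report["changed"].append(rel)
            with open(os.path.join(root, rel), "rb") as f:
                if looks_encrypted(f.read()):
                    report["suspicious"].append(rel)
    ok = not report["suspicious"] and not report["missing"]
    return ok, report

def run_demo():
    """Day 1: back up a CSV and a note and save the manifest (as JSON, the way a
    job would persist it). Day 2: the CSV has been replaced by ciphertext and the
    note legitimately edited. Returns the verdict before and after, plus the report."""
    with tempfile.TemporaryDirectory() as root:
        csv = os.path.join(root, "q2_financials.csv")
        note = os.path.join(root, "notes.txt")
        with open(csv, "w") as f:  # constructed sample data
            f.write("quarter,revenue,costs\n" + "Q2,1200000,950000\n" * 100)
        with open(note, "w") as f:
            f.write("board meeting on thursday\n")
        day1 = json.dumps(build_manifest(root))
        ok_before, _ = check_backup_set(root, json.loads(day1))
        with open(note, "a") as f:  # legitimate edit: changed, but not suspicious
            f.write("moved to friday\n")
        with open(csv, "wb") as f:  # simulated ransomware: file is now ciphertext
            f.write(os.urandom(8192))
        ok_after, report = check_backup_set(root, json.loads(day1))
        return ok_before, ok_after, report
```

A job built around this keeps the day-1 manifest next to the day-1 media and only reuses that media when `check_backup_set` returns `True`; the report gives the operator the list of files to open by hand before trusting the new set.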
Something similar has happened in the past. If you run a Google search you may find the following links: http://www.jahewi.nl/malware/ransomware/ransomware.html, http://news.bbc.co.uk/2/hi/technology/5038330.stm.
Many folks put in their two cents about this story. One comment, from Duncan, that I liked and want to re-post here:
“*ransom note received composed of random letters clipped from newspaper*
"We have encrypted your illegally copied music files. Put $5000 in unmarked bills in a plain brown paper sack and mail it to: RIAA Washington, D.C. no later than midnight tonight or you'll never listen to your music again"
..but seriously, folks, this starts to sound like some sort of weird 419 scam. They're not going to decrypt your files even if you pay them, and I'll bet you a whole DOLLAR that if you're stupid enough to contact them, they accept only CREDIT CARDS as payment. Chances are that the data isn't even really encrypted, it's just plain overwritten and GONE, copied over with gobbledygook random data, and you'll just get your identity stolen on top of never getting your files back. On the other hand they think they're being really clever, I'm sure, and the ones that think they're clever are usually the ones that get caught quickly and go to jail for a long, long time.”
I just hope that Duncan is right and the smart a%%$$ will be caught quickly.