[Nottingham] Safer by design or just overlooked? (Was: Gameover Zeus (GOZ) and Cryptolocker malware rackets)

Jason Irwin jasonirwin73 at gmail.com
Thu Jun 12 07:51:11 UTC 2014


On 11/06/14 17:58, Andy Smith wrote:
> CryptoLocker works by walking through the user's documents on
> accessible drives. On Linux, all your important (user-contributed)
> documents are about as likely to be writeable by your user as on
> Windows I suspect.
That's what I was thinking as well. I doubt AppArmor/SELinux would spot
it as the user could be doing a batch job to update stuff.

> The best defence against CryptoLocker is probably backups that
> aren't mounted locally.
I was thinking that. rsnapshot, etc.

Martin - would the mighty, mighty BTRFS allow one to roll back to the
unencrypted version of the file? My guess is this would need to be done
from a live CD.

One would also need to check .bashrc etc to make sure the malware hadn't
queued itself to run again.

-- 
╔═════════════╦══════════════════════════════════════════╗
║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
║             ║ Import from hkp://subkeys.pgp.net        ║
╚═════════════╩══════════════════════════════════════════╝
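As an added illustration of the ".bashrc etc." check raised above (not code from this thread or from any project it mentions): a small Python script that flags startup-file lines with persistence traits and lists lines that differ from a known-good copy. The sample file content, the baseline and the trait patterns are constructed assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample ~/.bashrc: five ordinary lines plus one appended by something
# that wants to run again at every interactive login (assumed, not a real capture).
SAMPLE_BASHRC = """# ~/.bashrc: executed by bash(1) for non-login shells.
[ -z "$PS1" ] && return
export PATH="$HOME/bin:$PATH"
alias ll='ls -alF'
eval "$(dircolors -b)"
nohup /tmp/.cache/update >/dev/null 2>&1 &
"""
# Known-good copy taken before the incident (constructed: the same file minus the last line).
BASELINE_BASHRC = "\n".join(SAMPLE_BASHRC.splitlines()[:-1]) + "\n"

# Traits of a persistence line rather than of a normal dotfile entry (assumed heuristics).
SUSPICIOUS = [
    (re.compile(r"(^|\s)/tmp/|/dev/shm/|/var/tmp/"), "runs something from a world-writable temp dir"),
    (re.compile(r"\bbase64\s+(-d|--decode)\b"), "decodes an embedded payload"),
    (re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"), "pipes a download straight into a shell"),
    (re.compile(r"\b(nohup|setsid)\b.*&\s*$"), "backgrounds a detached process on every login"),
]

def scan_rc(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, line, reason) for every suspicious trait found."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments never execute anything
        for pattern, reason in SUSPICIOUS:
            if pattern.search(stripped):
                hits.append((n, stripped, reason))
    return hits

def added_since(baseline: str, current: str) -> List[str]:
    """Lines in the current file that are absent from the known-good copy."""
    known = set(baseline.splitlines())
    return [l for l in current.splitlines() if l.strip() and l not in known]

if __name__ == "__main__":
    for n, line, reason in scan_rc(SAMPLE_BASHRC):
        print(f"line {n}: {reason}: {line}")
    print("added since baseline:", added_since(BASELINE_BASHRC, SAMPLE_BASHRC))
```

The same two functions apply unchanged to the real ~/.bashrc, ~/.profile and ~/.bash_profile read from disk, with the baseline taken from an unmounted backup such as an rsnapshot copy.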


