Facebook spreading ransomware...
...a company that owns its money by taking social relations for hostage spreads software made by people who take files for hostage.
Checkpoint has found an image obfuscation trick it thinks may be behind a recent massive phishing campaign on Facebook that's distributing the dangerous Locky ransomware. The security firm has not released technical details as the flaw it relies on still impacts Facebook and LinkedIn, among other unnamed web properties. The …
While the attack is not automated, it does break Facebook's hypervigilant security model and is fairly regarded by Checkpoint as a Facebook "misconfiguration".
Let's not repeat their marketing statements, shall we? FB's security is at best vigilant, and only then when it directly affects their income.
Meanwhile, allow me to express surprise at the fact that it's the 21st century, yet we still have a problem with poisoned JPGs..
Indeed, here's what the poison.jpg itself might look like.
It's perfectly safe to click unless you're allergic to hairspray....
"Even more surprising.. It's almost 2017 and people still run Windows!"
Oh, it's perfectly safe to run Windows (7 in my case) at any time.
As long as it isn't allowed to go online. Ever. That's what I have Linux Mint for.
As for Facebook - I've had 3 accounts over the past 5 years (the last one was nearly 2 years ago) and the longest that any of them lasted was about a month.
"Oh, it's perfectly safe to run Windows (7 in my case) at any time."
Ah Win 7.. Best of a generally bad bunch.. (Though I do use 7 from time to time myself when I .. er... Actually, I'm running out of reasons to run it.) I install it from time to time to remind me what a horrible ordeal that is - hours to install (Linux 10-20 mins), days to get up to date (Linux, depends on your download speed and how old your install media is, but generally 10-20 mins, maybe an hour for slow net and ancient ISO).
"As long as it isn't allowed to go online. Ever. That's what I have Linux Mint for."
Well, that would kill my updating woes at least. And need for AV. Maybe..
"As for Facebook - I've had 3 accounts over the past 5 years (the last one was nearly 2 years ago) and the longest that any of them lasted was about a month."
Heh, I can do you several better there. I've had a number of accounts, none in my name (why would I want that pain?). At least half a dozen (since I use throwaway emails and forgettable passwords etc). Each and every account has been logged in to once, to find a specific person. Then forgotten about.
"that leaves backup restoration or ransom payment as the only options available to them"
Or data abandonment. Treat it like you never had that data in the first place. Obviously not all data is suitable for such treatment, but 2 of the cases I've had to clean up after have chosen that route.
And here I was thinking "It's not a JPG, it's a poisoned TIFF with a .JPG extension". Nope, nothing so sophisticated.
Oh, libtiff 4.0.7 has been released, FINALLY closing those particular TIFF exploits. Linux updates are in the pipeline. Loads more ImageMagick security patches as well.
I have to wonder, with all of the malicious uploading going on... why couldn't Face-*BLANK* just scan the file types and filter things that don't match?
In other words, if it's not a JPEG that 'follows the rules' (no buffer overrun sploits embedded, no ZIP file or embedded HTA or anything else it's not supposed to have), then just REJECT it and say "your file needs to be reformatted" or something.
How hard would THAT be? OK sorry for being intelligent about it, we're talking Face-*BLANK* ...
not hard to do in the POSIX world - just use the 'file' command.
"How hard would THAT be? OK sorry for being intelligent about it, we're talking Face-*BLANK* ... not hard to do in the POSIX world - just use the 'file' command."
Not hard at all. With very few exceptions (eg plain text), file formats have specific start or end byte sequences to identify them. I remember writing code to check for this stuff under Maximus BBS (well, I think it was actually a separate .exe or .com) that was called after an upload from a user, checked if the file start/end sequence fitted the range for the specific extension, and rejected/flagged the file if it was outside accepted parameters.
Probably the whole exe was in under 20kb size, and a config file of about the same with file extensions and start/end sequences. Took microseconds to run on a 386.
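The start/end-sequence check described in the two comments above, as an added example that is not code from the original thread or from any of the posters: it sniffs the magic bytes of an upload, rejects files whose content does not match the claimed extension (the "TIFF with a .jpg extension" case), and for JPEGs walks the marker segments so that a file carrying extra data after the EOI marker (the way a JPEG/ZIP or JPEG/HTA polyglot smuggles a payload) is refused rather than stored. The `validate_upload` function, the signature tables and the sample byte strings are all constructed here for illustration; the JPEG sample is a bare marker skeleton, not a decodable image.

```python
"""Upload validator: magic bytes + extension match + JPEG structure walk (illustrative)."""

# Magic prefixes and the extensions they are allowed to arrive under (assumed tables).
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("tiff", b"II*\x00"),  # little-endian TIFF
    ("tiff", b"MM\x00*"),  # big-endian TIFF
]
EXTENSIONS = {"jpeg": {"jpg", "jpeg"}, "png": {"png"}, "gif": {"gif"}, "tiff": {"tif", "tiff"}}
# Formats with a fixed trailer: the file must END with it, leaving no room for appended junk.
TRAILERS = {"png": b"IEND\xae\x42\x60\x82", "gif": b"\x3b"}


def sniff(data: bytes):
    """Return the format name implied by the leading bytes, or None if unrecognised."""
    for kind, magic in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def walk_jpeg(data: bytes):
    """Walk JPEG marker segments from SOI to EOI.

    Returns (ok, reason, offset_just_past_EOI). Segment lengths are bounds-checked
    so a segment claiming more bytes than the file holds is rejected, and the
    entropy-coded scan data after SOS is skipped using the byte-stuffing rule
    (0xFF is followed by 0x00 or a restart marker RST0..RST7 inside scan data).
    """
    n = len(data)
    if data[:2] != b"\xff\xd8":
        return False, "missing SOI", 0
    i = 2
    while True:
        if i + 2 > n:
            return False, "truncated before EOI", i
        if data[i] != 0xFF:
            return False, f"expected marker at offset {i}", i
        marker = data[i + 1]
        if marker == 0xFF:  # fill byte
            i += 1
            continue
        if marker == 0xD9:  # EOI
            return True, "ok", i + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn have no length
            i += 2
            continue
        if i + 4 > n:
            return False, "truncated segment header", i
        seglen = int.from_bytes(data[i + 2:i + 4], "big")
        if seglen < 2:
            return False, f"bad segment length at offset {i}", i
        if i + 2 + seglen > n:
            return False, f"segment at offset {i} overruns file", i
        i += 2 + seglen
        if marker == 0xDA:  # SOS: skip entropy-coded data up to the next real marker
            while True:
                j = data.find(b"\xff", i)
                if j < 0 or j + 1 >= n:
                    return False, "truncated scan data", n
                nxt = data[j + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    i = j + 2
                    continue
                if nxt == 0xFF:
                    i = j + 1
                    continue
                i = j
                break


def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason) for an uploaded file. Reject anything not provably
    a clean instance of a known image format under its own extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    if kind is None:
        return False, "unknown or unsupported format"
    if ext not in EXTENSIONS[kind]:
        return False, f"content is {kind} but extension is .{ext}"
    if kind == "jpeg":
        ok, reason, end = walk_jpeg(data)
        if not ok:
            return False, reason
        if end != len(data):
            return False, f"{len(data) - end} trailing bytes after EOI"
    elif kind in TRAILERS and not data.endswith(TRAILERS[kind]):
        return False, f"{kind} trailer missing or followed by extra data"
    return True, "ok"


# Constructed samples (not real uploads). The JPEG is SOI + APP0/JFIF + SOS + scan data + EOI.
GOOD_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56"  # scan data containing one stuffed 0xFF00
    + b"\xff\xd9"
)
POLYGLOT_JPEG = GOOD_JPEG + b"PK\x03\x04" + b"payload.hta"  # ZIP-style tail after EOI
TIFF_AS_JPG = b"II*\x00\x08\x00\x00\x00" + b"\x00" * 8
GOOD_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00" + b"\x3b"

if __name__ == "__main__":
    for name, blob in [("cat.jpg", GOOD_JPEG), ("cat.jpg", POLYGLOT_JPEG),
                       ("photo.jpg", TIFF_AS_JPG), ("pic.jpg", b"<html><script>"),
                       ("pic.gif", GOOD_GIF), ("cut.jpg", GOOD_JPEG[:-1])]:
        print(name, validate_upload(name, blob))
```

This is the check the thread asks for, and it is cheap, but it is a necessary condition rather than a sufficient one: a file that passes every structural check here can still be a perfectly well-formed image that triggers a bug in the decoder that later opens it, which is exactly what the libtiff and ImageMagick patches mentioned further up were fixing. The practical pairing is this filter at the front door plus re-encoding the image through a sandboxed decoder so that only pixels the service produced itself are ever served back.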
As evil as both FB and Windows are, this is just another example of "you just can't cure stupid". Who the f*ck clicks on a link and downloads things to their PCs from FB or LinkedIn? I don't care who the message is from, whenever I see something come in with any one of the various catch lines like "Hey, check this out!" or "I want to f*ck your brains out", I immediately delete it. How many times have people been told not to open suspicious emails or to download attachments and they still do it and wreak havoc on their networks?
</soapbox>