I put CryptoLocker on my PC

petersmart

To try and guard against all the malware floating about the Internet these days I use various VMs on both of my machines.

An external firewall is provided by my router which is completely "stealthed":

https://www.grc.com/x/ne.dll?bh0bkyd2

My surfing machine is a duo core fitted with 2 SSDs and free VMs from Oracle (VirtualBox).

I have MalwareBytes Pro and free Avast installed on the real machine and free avast installed in the VMs.

MalwareBytes is used to detect any bad sites because it doesn't interfere with the normal downloading speed of good sites unlike some other programs I have found.

In Avast this facility is turned off.

So far so good and with this configuration I have been free of all infection, although both programs from time to time pop up to say something or other has been zapped.

But these seemed fairly trivial compared to some of the nasties out there so I decided to try a real nasty - CryptoLocker.

To do this I downloaded the virus in Zip form into a VM with (hopefully) no way for it to escape, with all shared folders disconnected and the Internet turned off.

Before doing this test all important data had been backed up to an external HDD.

Then I opened the password protected Zip file and unzipped it and entered the password.

Avast instantly detected it and zapped it - so far so good.

I repeated the test several more times both with the Internet back on (CryptoLocker has to phone home to get the unique encryption key it needs) and with the shared folder also re-connected (which gave it access to the second SSD (or any HDDs if they were fitted)).

In all cases Avast zapped it before it could infect the entire PC - checked by a complete scan of the REAL PC with the free Avast on it.

So I feel a lot more reassured now about my PC's ability to withstand any attack by Malware.

At least until a real nasty comes along!!

Just to make sure I'm leaving the PC running and with the Internet on for a few hours.

EDIT: Incidentally Avast could NOT detect the virus inside the Zip file although it did note that it could not check the file.

So it would seem that Zipped files are definitely a no-no if they can slip by the AV checks (although I only used Avast on it).

 
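The EDIT in the post above notes that the scanner could not look inside the password-protected Zip; gateways commonly handle this by flagging encrypted archives rather than trying to scan them. The following is an added example, not part of the original thread, that reads the ZIP "encrypted" flag to make that decision; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Return names of entries a scanner cannot read without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def triage(data: bytes) -> str:
    """Classify a download: 'not-zip', 'scannable', or 'quarantine'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        return "quarantine" if encrypted_members(data) else "scannable"
    except zipfile.BadZipFile:
        return "quarantine"  # malformed archive: treat as unscannable


def _constructed_sample(encrypted: bool) -> bytes:
    """Build a harmless sample ZIP in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "harmless placeholder text")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the encrypted bit in the central directory record
        # (the flags field sits 8 bytes after the PK\x01\x02 signature).
        cd = raw.rfind(b"PK\x01\x02")
        raw[cd + 8] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    for label, enc in (("plain", False), ("password-protected", True)):
        print(label, "->", triage(_constructed_sample(enc)))
```
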
Most AV detection databases now have it on their hit lists, so this one will die a death now. It only took oh, several months?

If virus protection actually did its job and used heuristics like they all say they do to get you to open your wallet, they'd have been on this like a car bonnet from the get go.

The biggest problem is when it happens on a corporate network and it goes onto the network drives and cattle trucks the entire server's fileset. There are of course ways around that but they generally involve inconveniencing the user which in turn causes the helpdesk to have their ear chewed off.
 
Why don't you just run Linux as parent OS since your setup is already really complicated? Surely that would be the safest thing to do. You can still VirtualBox LR and PS in an isolated Windows environment.
 
What's complicated about it? - it seems really simple to me.

And as for running Linux, well none of the distros I've tried over the years have ever been as simple and intuitive as Windows or as simple to set up.

And that still wouldn't stop the problem of viruses making it to the VMs anyway.

This was a test simply to see whether the VMs could contain a virus and they can so I'm quite happy with the results.

Oh and I don't use either PS or LR.

Well Avast is free for the basic version and it does work as I've proved - at least to my own satisfaction.

And since I'm not a corporate network the question doesn't really arise - and all my Hard drives are now removed from the PCs and only plugged in as needed.

And CryptoLocker doesn't seem to be dying the death yet as there are several versions still out there on the Internet and the latest one I used was from Feb 14th.

The original seems to have originated sometime in September last year.

And even if it does take some time for the AV companies to get the virus signatures it certainly seems better to have some protection than none at all - after all it can also take the virus a time to get on your machine, if it gets on at all.

And I have run my PC for a long time now with no AV installed at all but the CryptoLocker virus is so different to the other malware around that I decided to protect myself as much as possible.

And I shall continue to do so.

 
Some of us hate simplicity :lol:


back to the topic - does virtual box not have something like auto backup system or even better, locked in ROM restored back to the same state after every use. I think VMWare does that but it has been some good 5 years since I wanted to run windows (and not for a very good reason either).
 
You can save a "snapshot" of it at any time which can then be used to go back or you can save the machine state on closedown which will let it restart at exactly the same place (I think - I've never used it).

All of VirtualBox is contained on a Virtual Disk Image so you can do all kinds of things with it including cloning it which gives second or third or more VMs all exactly the same even down to the disk format hash.

And when using it it's exactly like using a real PC - so exact that sometimes I forget I'm on a VM and not an XP or Win7 PC.

With the exception of their size - XP uses only 10GB of HDD space and Win7 needs only 25GB.
 
I think there are a few sophisticated nasties out there that can actually breach VMs, not common but it can happen. As for running in a VM, I did that once upon a time when I was crazy into this stuff but I tired of it very quickly. It just makes things more difficult which isn't particularly good practice, but, whatever works for you is best for you, I suppose.
 
Well it works fine for me and certainly doesn't make it more difficult in any way - if anything it makes it easier.

And if anything should infect one of the VMs I can use a file shredder to completely destroy it in a few seconds, and without the need to re-install the OS on the real PC.

And since a lot of programs can be run in the VMs it means I can use several VMs for specific tasks - which again I find much easier to do.
 
Depends how well your vm is sandboxed from the host.

Well Cryptolocker didn't break out even when I restored the Shared folder as a test so I do feel reasonably secure.

But of course I do realise that with all the nasties around now it's quite possible that a virus could be created to actually get out and do a lot of damage.

Which is why I have 2 PCs, an i7 which is used for editing my photos and films etc and rarely connects to the Internet and a duo core which does and is used for surfing.

But even on that machine there isn't much to get damaged in the way of data because everything is regularly backed up to its own (separate from the i7) external HDD.

And the same on the i7 where everything is backed up to more external drives.

And both machines and HDDs are regularly scanned to make sure they stay clean.

And as I said I also use various VMs for different things, eg surfing regular sites which I trust, surfing other sites which may not be as trustworthy, banking (a complete VM on its own!), etc.

It may seem paranoid to go to such lengths but nowadays these hackers really are out to get you - as hundreds of millions have found out when all their details have been stolen and sold online!
 
The op could have just gotten a Mac :devil: ;)
 
Without meaning to be rude but it sounds like quite a complex setup and not very wife friendly.

Personally I just use a Mac and don't sweat it!

Really? - good luck with that:

http://kmesystems.com/a-new-form-of-ransomware-targets-mac-computers-as-well-as-pcs/


"In the past, computer scams and viruses were only a worry for PC users; however, ransomware viruses have been appearing on Mac computers as well. According to Malwarebytes, cyber criminals are aware of the growing market of Apple consumers who tend to be more careless about Internet security."

Mind you I'm not getting complacent:

http://kmesystems.com/crisis-threatening-your-virtual-machines/

"The virtual machines and networks have been free from any malware attack and threats so far. However, we have recently found a new breed of malware that can not only attack Windows and Mac OS X but also infect other environments including virtual machines as well. This malware is known as Crisis or Morcut which is actually a Rootkit with the ability to infect four different operating platforms. Once infected, the malware remains in your PC tracking your network activities through Safari or Firefox, record Skype conversation and also track your instant messages. This is indeed a dangerous malware since it has the ability to launch a widespread attack on information technology especially the cloud or virtual ones."

It would seem that the price of freedom (from viruses) really is eternal vigilance!

 