New Encryption Virus: Ransomware : CryptoWall v 4.0

WARNING: New very dangerous virus that can cripple your business
 Summary of things to do:


  • Don’t open attachments in emails you are not expecting (at work and home)
  • Pass this warning on to others, teach them the same practices you follow.
  • Do not visit websites you do not know or trust
  • Do not trust Word (Doc), Adobe (PDF) and other email attachment files
  • Do not forward unusual emails onto other staff members
  • Do not ignore weird popups or things that are running slow or behaving a little “strange”
  • If you start finding files on your system come up as “Corrupt”, call your IT!
  • If you start seeing files on your own machine, that are having their names changed or can no longer be opened, unplug your machine from the network immediately and call your IT
  • Make sure you have a backup that is removed from your network daily. It must be powered down and not plugged in. (Dropbox, SkyDrive and the like do not count)
  • Ask your IT to block .JS, .CHM, .EXE and other known attack files from coming in via email (if you have this feature available).


A new ransomware dubbed “CryptoWall 4.0” has been found.
This new virus evades current antivirus and has new features such as encrypted file names.
CryptoWall continues to use the same e-mail and website distribution methods as previous versions. The samples we analysed were pretending to be a resume inside a zipped e-mail attachment.
These resumes, though, were actually JavaScript (.JS) files that, when executed, would download an executable, save it to a temporary folder, and then execute it.

CryptoWall 4.0 continues to utilize the same Decrypt Service site as previous versions.  From this site a victim can make payments, find out the status of a payment, get one free decryption, and create support requests.

We have passed along a sample of this virus to Antivirus companies and they are working towards a solution.

This virus was first reported on the Bleeping Computer forums.
For those who want more technical detail:
When installed, CryptoWall 4.0 will inject itself into Explorer.exe and disable System Restore, delete all Shadow Volume Copies, and use bcdedit to turn off Windows Startup Repair.
It will then inject itself into svchost.exe and encrypt the data on all local drives, removable drives, and mapped network drives.
Once it has completed encrypting your files, it will launch the ransom notes that explain what happened and how to purchase the decrypter.
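A defender-side check for the recovery-tampering steps described above, added here as an example and not part of the original post or any vendor tool: it runs a few detection rules over constructed Sysmon-style process-creation records and correlates the hits per parent process. The vssadmin/wmic/bcdedit command forms are the standard Windows ones; the DisableSR registry value for the System Restore step, the record field names and the log lines are my assumptions.

```python
import json
import re

# Recovery-tampering steps the post attributes to CryptoWall 4.0 (shadow copies,
# Startup Repair via bcdedit, System Restore). The command-line forms are the
# standard Windows ones; the DisableSR registry value is my assumption for the
# "disable System Restore" step and is not named in the post.
RULES = [
    ("shadow copies deleted", re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow copies deleted via WMI", re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("startup repair disabled", re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+(?:no|off)\b", re.I)),
    ("boot failures ignored", re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("system restore disabled", re.compile(r"\bSystemRestore\b.*\bDisableSR\b", re.I)),
]
# Processes the post says the malware injects into before doing this work;
# a shell or service host spawning these tools is itself a strong signal.
INJECTED_HOSTS = {"explorer.exe", "svchost.exe"}


def scan(records):
    """Match each process-creation record against RULES and return the hits."""
    hits = []
    for rec in records:
        cmd = rec.get("command_line", "")
        for rule, rx in RULES:
            if rx.search(cmd):
                parent = rec.get("parent_image", "").lower()
                hits.append({
                    "ts": rec["ts"], "ppid": rec["ppid"], "parent": parent,
                    "rule": rule, "command_line": cmd,
                    "parent_is_injected_host": parent in INJECTED_HOSTS,
                })
                break  # one rule per record is enough
    return hits


def correlate(hits, window_s=120):
    """One alert per parent process that performed two or more distinct steps within window_s."""
    by_parent = {}
    for h in hits:
        by_parent.setdefault(h["ppid"], []).append(h)
    alerts = []
    for ppid, group in by_parent.items():
        group.sort(key=lambda h: h["ts"])
        steps = sorted({h["rule"] for h in group})
        if len(steps) >= 2 and group[-1]["ts"] - group[0]["ts"] <= window_s:
            alerts.append({
                "ppid": ppid,
                "parent": group[0]["parent"],
                "steps": steps,
                "high_confidence": any(h["parent_is_injected_host"] for h in group),
            })
    return alerts


# Constructed Sysmon-style records (JSON lines), not real telemetry. The first
# line is a legitimate backup agent listing shadows and must not fire.
SAMPLE_LOG = """\
{"ts": 1448260000, "pid": 4120, "ppid": 3002, "parent_image": "backupagent.exe", "image": "vssadmin.exe", "command_line": "vssadmin list shadows"}
{"ts": 1448260031, "pid": 4188, "ppid": 1540, "parent_image": "explorer.exe", "image": "vssadmin.exe", "command_line": "vssadmin.exe Delete Shadows /All /Quiet"}
{"ts": 1448260033, "pid": 4192, "ppid": 1540, "parent_image": "explorer.exe", "image": "bcdedit.exe", "command_line": "bcdedit /set {default} recoveryenabled No"}
{"ts": 1448260034, "pid": 4196, "ppid": 1540, "parent_image": "explorer.exe", "image": "bcdedit.exe", "command_line": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"}
{"ts": 1448260100, "pid": 4210, "ppid": 1540, "parent_image": "explorer.exe", "image": "notepad.exe", "command_line": "notepad.exe readme.txt"}
"""


def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def demo():
    """Run the rules over SAMPLE_LOG and return the correlated alerts."""
    return correlate(scan(parse_log(SAMPLE_LOG)))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```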

The more people you pass this blog to, the more you can help stamp out these types of threats. Reducing the likelihood of this virus being triggered reduces the virus writers’ payday.


550 “Sender address is invalid [route]:”

A quick look on the internet shows an increasing number of people reporting an error 550 “Sender address is invalid [route]:” with bouncing emails. This is new as of August 2015. No one knows what the error means.

It seems for Aussie clients with this recent issue, the likely fault is with TPP Wholesale, who upgraded security/mail filtering on their network; they are now aware of the issue and are working to resolve it for multiple clients.

They have old webmail service lines / internal routes existing in Webcentral accounts, which is creating conflicts.

Webcentral, MelbourneIT, TPP etc. are all now the same company.

If you need this resolved, contact TPP.


“I am a newbie to photography”. What does ISO, aperture, exposure etc. mean? Do I care?

I have read many explanations for these things but nothing really helps a newbie. There are concepts / acronyms that are confusing and make very little immediate sense.

  • Some cameras allow manual control and some are automatic.
  • Do you need to know how these settings work to get good images?
  • Ever asked yourself if a point and shoot camera is as good as a Digital SLR (DSLR)?
  • Do I need a good camera body or good lenses?
  • What is full frame? How many megapixels?
  • Crop size? Mirrorless?
  • Is Canon, Nikon or other better?

So many questions !!

Firstly, the final photo will only be as good as the scene you create and how you compose it. This is why many people refuse to say that they “take photos”. They instead “make” photos. It is all up to your interpretation.

Secondly, the best camera for the job is the one you have with you. If all you have is a phone, then that is the best camera for your photo. No point trying to prepare for every situation and carrying loads of accessories, lenses, cameras etc. Use what you have. (Or break your back carrying things you will not use.)

Thirdly, a point and shoot camera can take great photos. Just point it and shoot. A fancy camera on “auto” mode can take great photos. Some awesome photos have been taken by complete novices, completely by accident, in “auto” mode.

Lastly, the best camera for you is the one you can afford. Don’t spend up big; don’t spend more than you can afford. Cheap cameras, even kids’ toy cameras, have produced some cool, notable shots. The most important thing is to get out there, take photos and learn what looks good with the camera you have. Want to know more?

In essence, what is a photograph?

It is a capture of light. All the fancy photography words like ISO, aperture and all the other geeky settings just modify the light that will be captured. In “auto” mode, your camera will make decisions to control all these things for you to get the best light. Sometimes the best light is not what you want, so whilst “auto” can do a good job, it stifles the artist in you. That is why you can take it out of “auto” mode and into the creative mode.

How does this light work?

It can be observed from a dark room with a small hole separating you from the bright outside world: given a small enough hole, the light that comes through can cast a sharp image on the opposite wall, albeit upside down. This is such a simple fact of life that you can imagine cavemen, hiding in caves, could have seen the outside world inverted on cave walls through small holes. Were cavemen the first people to see “photographs”? No fancy technology, no science magic. This just happens with light. The simplest camera is a box: a pinhole camera.


If you want to read up more on this, check this out:

A camera obscura (Latin: “dark chamber”) is an optical device that led to photography and the photographic camera. The device consists of a box or room with a hole in one side. Light from an external scene passes through the hole and strikes a surface inside, where it is reproduced, rotated 180 degrees (thus upside-down), but with colour and perspective preserved. The image can be projected onto paper, and can then be traced to produce a highly accurate representation.

The largest camera obscura in the world is on Constitution Hill in Aberystwyth, Wales. Using mirrors, as in an 18th-century overhead version, it is possible to project a right-side-up image. Another more portable type is a box with an angled mirror projecting onto tracing paper placed on the glass top, the image being upright as viewed from the back. As the pinhole is made smaller, the image gets sharper, but the projected image becomes dimmer. With too small a pinhole, however, the sharpness worsens, due to diffraction. Most practical camera obscuras use a lens rather than a pinhole (as in a pinhole camera) because it allows a larger aperture, giving a usable brightness while maintaining focus.


So, it is a trick of light. Suddenly, cameras do not look so complicated. Believe it or not, this light behaviour was noted as long ago as 470 BC (almost 2,500 years ago). The only lesson man had to learn was that an image created this way will be upside down, as light travels in straight lines from its source.

So the cool thing about modern cameras is that someone worked out how to capture images that naturally occur in nature. From glass plates to film, and now onto electronic sensors that read the light values, flip the image and give us a photo. So, let’s think about this light. It enters a hole, it is projected upside down (in colour) and we view it. Sounds like the humble eye?

Light enters the eye, projects onto the back of your eyeball and the brain takes the intensities / colour and flips the image to help you make sense of the structures around you.

That is cool, but how can we control light?

Thinking still about your eye, if you are indoors and walk out into bright light, you need to squint or put on sunglasses until you can see clearly. Given time, your eyes adjust and you can stop squinting. The glasses help to change the exposure. It “dulls” down the light so you can see things clearly. It stops your surroundings being bright white and overexposed. Walking back indoors, you need to take off the sunglasses as everything is dark and underexposed. You also stop squinting.

By squinting you are reducing light by bringing your eyelids together, giving time for your iris to enlarge and shrink. A bigger iris = bigger hole to let light through = more light and more exposure. Your iris gets bigger at night and smaller in bright light. This circular opening (iris), which controls how much light enters, is called the aperture.

By controlling your aperture in your eyes, using sunglasses or waiting for your eyes to adjust, you are controlling light.

You are playing with your body’s own ISO, aperture and time. These “body settings” allow you to modify the final exposure you see. They allow you to see things better, clearer and at the correct exposure.

Comparing the eye to a camera is hard. Throughout history it has been suggested that the human eye is equivalent to a 35 mm to 45 mm camera lens. Some say it is 22.3 mm f/3.2 full frame. (I will explain f/ and full frame.) 45 mm lenses were never made in any huge quantity and 50 mm, whilst plentiful, does not quite line up with our eyesight. 35 mm became the accepted standard equivalent to our eyes.

Due to 35mm being the accepted standard to build things around, many early cameras had 35 mm lenses. This then developed into 35 mm film (there were smaller sizes). This is the width of the film’s recording surface (negative) for a single photo (or frame). As the lens could completely fill a 35 mm frame, it was called Full frame (The image fills the full negative frame). The film world also has bigger formats (e.g. medium format and others) but in the world of DSLR, these big formats are too expensive for most of us to play with.

A lens of 20 mm sees more than our eyes. It has a wider field of view. It is a wide lens. A lens of 16 mm is ultra wide. It can capture way more than we can see. It has to squeeze the information into the same size sensor or film, so the result is a wider field of view with everything smaller so it will fit. A 300 mm lens is a telephoto and it enables you to see a lot further with more detail than your eyes. With these lenses you are zooming in on a small part of what you can normally see and making it fit your sensor size. My biggest lens is 1600 mm and with it I can see the craters on the moon in great detail. The mm measurement in lenses is called focal length.

The mm measurement just gives you an idea how far into the scenery you will zoom, or how close to your own eyesight the image will appear to be. No biggie and fairly easy to understand. (Be aware that cameras with lenses you can’t remove most likely have a multiplier “X” to tell you their zoom capabilities. This means you take the focal length in mm and multiply it by the multiplier to get the zoom focal length. Digital zoom is bad, as it means the camera takes your photo and applies some maths to it to make it look zoomed in, often creating dots of the image that don’t exist. Optical zoom is good. A camera of 24 mm with 3x zoom and 6x digital zoom means it can see a wider area than our eyes and zoom into 24 x 3 = 72 mm. If you take it to full 6x zoom, it means it takes the camera to 3x optical zoom and then does some “guessing” to zoom in further. It will not be as sharp and may lose colour.)

The 35 mm lens works well on full frame digital cameras. These cameras have sensors in the back of the camera, to receive the upside down image, that are 35 mm wide. They are the same size as the negatives in 35 mm film cameras. Full frame is desirable for professional photographers, but for yourself, you don’t need it. They are more expensive and work better in low light, but you pay more. To make mass production of cameras cheaper, camera makers made sensors smaller than full frame. These are called crop sensors. Most of the cheaper (sub-$2000) cameras use crop sensors. They are perfectly fine for normal photography. The sensors are smaller than 35 mm in width (a crop of the full frame size). They often have special lenses designed just for them so that they can work with the smaller sensors.



Here is a diagram that might better help you understand the sensor sizes.


So we have light coming into a lens, through a small hole, creating an upside down image inside the camera on a sensor. What can we do to take this up a notch?

We can play with the manual settings.

Now we can play with the light and change the exposure. (Take it out of “auto” or point and shoot mode.) We might want to do this so that we can take photos in low light, maybe stars? Maybe we want stars as pin pricks of light, or maybe we want star trails (these photos need different settings). Maybe we want our subject in focus but to blur the background. Maybe we want to overexpose an image and just get the raw shapes of items in the sunlight? All of this and more is just playing with the light. This is where shutter times, exposure, ISO and aperture come into play.


Maybe you want to deliberately over expose your photo? (This image below is 100% done in the camera.)


Maybe you want to pause stars as pin pricks of light.


Or a long exposure showing the star trails and movement of the stars around the celestial poles.


These things can’t be done in Auto mode.

Firstly, note that not only does your lens have a focal length measured in mm, it has an F/ number. This is the “F stop”. It is a measurement of the aperture size. The number you see will tell you how “fast” a lens is. The smaller the number, the faster the lens can be. It just means you can expose the camera to the light for less time. The smaller the number, the better it is for night-time photos, as the shutter can be faster and hand held shake is less of an issue. It also means that at the smallest number, the closest subject (if that is where you focus) will be in focus and there is a good chance the background will be nicely blended out of focus behind. The subtle changes you can make between sharp objects and blurred backgrounds are referred to as the depth of field (DOF).


Check out your lens specifications on the end of the lens. This lens has a focal length of 35 mm and F/1.8.

In this image you can also see the aperture circle in the middle of the image. This hole is made larger and smaller via small curtains of metal moving over each other when you change settings.


Here are some examples of Aperture sizes.


Most of my lenses range from 16 mm to 200 mm focal length and have aperture values of F/2.8. I have one 50 mm F/1.8 lens (which is faster) and a 250 mm at F/5.6 (very slow). My slowest lens is 800 mm at F/11. The 50 mm is super fast, the 250 mm is fairly slow. To get a good image on the 250 mm I need more time to let in more light, and I will get hand held shake making the image blurry. Just to confuse you more, a smaller f-stop means a larger aperture, while a larger f-stop means a smaller aperture. When you walk into the dark, your iris gets bigger, which is a smaller F stop. So an F/2.8 is a big hole to let in light, whilst an f/5.6 is smaller and needs more time and light to make an image.

Don’t get wrapped up in this. You will learn it after playing with the settings for a while. Just know that the aperture (normally called Av) affects the size of the hole which lets in light and changes what is in focus.


So changing the Av value on your camera, which changes the F stop value, is the first way we can change the light. What happens when you are in Av mode on the camera? You can change the aperture and the camera will automatically change the other settings to control the final exposure. If you open your iris right up (as you are inside in the dark) and then walk out into the bright sun, if your iris did not contract, you would be blinded. Your body automatically makes changes to protect your sight. In Av mode on your camera, if you let in too much light via the Av value, the camera will change the shutter time or ISO value to try and give you the best image. In this mode, you can control what is in focus (DOF). You control only the aperture and the camera’s brain is still doing some things in auto.


  • At F/2.8 in full daylight, I get sharp up close, drifting off blurry in the background, at about 1/6000th of a second.
  • At F/5.6, I get super sharp up front but also sharp behind the object, only blurry way at the back. Time is now about 1/200th of a second.
  • At F/22 I get super sharp all the way back; time is at 1 second or more (depends on light and ISO).

So, what if we instead change the Tv value? This means we change the exposure time: the time that the shutter exposes the image sensor to the light. Great for night time photos. Great for waterfalls. Long exposures of a few minutes create excellent night time images. In Tv mode, you can change the time but the camera will change the Av and ISO settings to again give you the best image. If you let in too much light over time, the camera will change the Av or ISO to modify the light. The camera still wants you to get the best image (not always the “right” image). In super bright light, your camera will let you take images at 1/8000th of a second. In the last few minutes of sunset, you might get 1/60th of a second (which is as low as I will go hand held; after this you need a tripod). At night, depending on what lights are in the field of view, anywhere from 1/13th of a second to 2-5 minutes. Star trails at night take hours. If you mess about with the time value, you can create interesting ghosts in your photos.

So you change the Av value, and the camera changes ISO and Tv to give you a nice image. You change Tv, and the camera changes Av and ISO to make your image. See a triangle of settings here? These three light modifiers can all be balanced to give you a nice image, with the right amount of blurriness and colour. This is where you can get arty.



Whilst you can independently change the time and aperture, in many cases this is not enough. If I take photos of the stars and all I change is the time or aperture, I will likely end up with a photo that is just bright white and over exposed. I need more control.

You can flick yourself into full manual mode and override the settings of all three light modifiers. Before you do that, what is ISO?

ISO is a leftover setting from film days. It was a measurement of how sensitive the negatives were to light. You would buy a roll of film with the sensitivity you wanted. It meant that once you had selected your sensitivity, that film (30 shots) was limited to that type of photography until you used it up and swapped it out for another. A roll of 100 – 200 ISO was good for full sun. A roll of 400 – 600 was good for indoors with a flash. You really could not get less than 100 or higher than 800. Another value, called ASA, is now considered to mean the same thing as ISO. Many old films had an ASA rating and not ISO; ASA 100 was loosely the same as ISO 100.

These days, ISO tells the sensor in the camera how reactive it can be to light. Anywhere from 50 ISO to 12,800 (depending on camera).

Basically ISO = how much light before the image is created

In bright light (sunlight) you need a lower ISO before the image forms. In very low light, you need a higher ISO before the image is created. Daylight normal ISOs are 200 to 400; night time can be 800 to 3200 or more. The longer the exposure, the more the image burns in.

ISO 50 is super insensitive to light. This is great for light painting, where you are in a dark setting and want to light things up with a torch. Also great for star trails at night, where you want the image to slowly form for the foreground but want the stars, which are bright, to “burn into the photo” and create a swirling pattern. (When I am light painting or fire wool spinning I want 50 ISO as the fire / lights are very bright. This means the fire will appear in the photo but very little of the background, as at night-time ISO 50 will not let enough light in. So to give the background time to “burn in” we need more exposure time, at least 1 minute. We need lots of time but don’t want the camera to over expose and make a single white picture.)

ISO 12,800 is super sensitive to light. It is great for night images of stars as pinpricks of light. Unfortunately it is so sensitive that it will see light bouncing off dust and the sensor will have “noise” making your photos look granulated.

Moving to “M” mode, manual, you can set the ISO, Aperture and shutter time, all by yourself. Changing one value, affects how the others will work. If you get the balance right, you can get that perfect night photo, with the right amount of blur and the exposure you want. In M mode, the camera’s brain is offline. You are completely in control.

If you are in a bright setting (full sun), you can use a low ISO (200), a short shutter value (1/6000th of a second) and then set the aperture to a value that makes the item you want sharp and the background blurred. Maybe F/5. If you want the background to also be in focus, you can use F/11 or maybe f/22 but will need more exposure time (maybe 1/250th of a second) and maybe a smaller ISO (100), as the higher F number shrinks the aperture and lets in less light. Most cameras will have a display showing you if the final exposure will be over or under exposed (this normally comes up when you are getting the focus correct).

If you are in a dark setting (outside, no moon), you can use a high ISO (1600), a slower shutter value (1/30th of a second or minutes) and then set the aperture to a value that makes the item you want bright. Maybe F/2.8 or F/1.4. If you want the background to also be in focus, you can use F/11 or maybe f/22 but will need more exposure time (maybe 30 seconds or minutes) and maybe a larger ISO (3200), as the higher F number shrinks the aperture and lets in less light.

With these basics under control, there are usually other settings on your camera: one for landscape, portraits, sport and more. Landscape will normally increase the aperture, sports will decrease the shutter speed, portraits will set the aperture, and all the other settings will be auto adjusted by the camera.

So, you have questions.

Is a point and shoot camera as good as a DSLR?

If you are a pro, if you know your camera well, a DSLR is better for photos in the “creative zone”. If you are not a pro, a point and shoot is great. Why over complicate and confuse yourself?

Do I need a good camera or good lenses?

These days, most DSLR cameras can be sold as a kit, just the body, or just as accessories like lenses. Most of the kits have “average” lenses: cheap to make and they do the job. Not bad lenses, but they could be better. Perfectly fine and can take great photos. A pro can do better with better lenses, but these will do you fine. Time to upgrade? Keep the lenses and invest in a better body. As long as the lens mounts have not changed you can keep using them. You can look at buying better bodies second hand. Lenses hardly drop in price as the technology does not change. The bodies get superseded all the time and drop in price. Once you have upgraded your body, you can add to your lens collection.

What is full frame? How many megapixels? Crop size?

Full frame sensors are better in low light and offer a better overall picture. Crop sensors have their “light detectors” packed into a much smaller package (making them cheaper), but this smaller sensor is not as good in low light. Full frame sensors are 35 mm in width. If you remove your lens and use the menu setting to flip the mirror up, you can see the sensor. A full frame sensor is 35 mm. Many full frame cameras can’t accept lenses designed specifically for crop cameras, and if you put a normal lens from a full frame onto a crop camera, the crop will mean that the focal length of the lens is modified by the crop factor. A Canon 1.6 crop camera fitted with a normal 35 mm lens is modified to be 56 mm.


Here is a photo showing the mirror in position over the sensor.

Megapixels are not that important. Many pro cameras are 22 MP, yet you can now buy cameras with 65 MP or more. Many smartphones now have more megapixels than pro cameras. The higher the MP, the more you can zoom into a picture and the bigger it will print. You can imagine that if the camera has bad electronics for ISO or a fixed aperture, more MPs just means a bigger crappy image compared to the smaller 22 MP on a good camera with a great image. Megapixel count is great but is not the “measure” of a great camera.

Is Canon, Nikon or other better?

Due to the number of users out there, the technology they use and the many accessories available, I consider Canon and Nikon to be in a two-horse race. Other brands have some great tricks up their sleeves, but they have not really penetrated the market enough to be in the race. Is Canon or Nikon better? They are the same. They will always make some improvement to make them better than the other, but then the other catches up. Most of my friends have Canon, so I chose Canon so I can share their lenses and accessories. I now have numerous Canon cameras and all share lenses and accessories. I will likely never move to Nikon as my investment is in Canon. Do I like Nikon? I love them. They do a great job. Once you go down the Canon or Nikon path, you will likely stay on that path (up until Canon or Nikon change their mounts and start making things incompatible). Maybe the best advice is to try one from each brand and see which one you like and feel comfortable with.

What is mirrorless?

SLR cameras (Single Lens Reflex) and now DSLRs (Digital Single Lens Reflex) use an internal mirror to reflect the image up to your eye whilst you are viewing through the viewfinder, and then flick it out of the way when you take the photo. This makes the camera “less compact” as it needs room to move the mirror. New mirrorless cameras are more compact as they no longer have the mirror and electronically display the image whilst you are composing. These cameras use different lenses and mounts to the manufacturer’s SLR range. They are not currently as “quick” at taking photos or focusing, but they are coming along. Personally, I would wait a few more generations before looking at a mirrorless camera.

Here is the basic design of a DSLR showing the mirror.


There are still more questions. What sort of tripod do you need? What is HDR? How do I use the histogram? How do I pan? Fill flash? Bounce flash? But these answers can come later.

Has this post inspired you? Maybe take it up a notch with some light painting.



Is the new right hand pane in Adobe Reader DC messing with your workflow?

The new Adobe Reader DC looks nice, but when you go to use it, you have less work space. So how do you remove the right hand pane (this contains export PDF, create PDF, edit PDF, etc.) in Reader DC? (It takes up a quarter of the screen and many people don’t even use the tools.)

To remove it temporarily, you can either click the Right Hand Panel bar or you can use the keys Control+H to go into “Read Mode”. Note that “Read Mode” just displays the document and no panels. Also note that “Read Mode” does not stay between documents or sessions either. Opening another document brings the right hand pane back.

If you are an avid reader of PDFs and do not need the tools, here is a permanent solution.

Open the install directory,
i.e. “C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU” or “C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU”.

Create a new subfolder (I used “Disabled”). Exit Adobe Reader first, then move three files from the “ENU” folder into the new “Disabled” folder.

Move –

  • AppCenter_R.aapp
  • Home.aapp
  • Viewer.aapp

Open a PDF and the Tool Pane is gone. It does also disable some menu items so if you want to still use the tools, read on.

Back up the file called Viewer.aapp. Edit the file with Notepad (the file is XML and located in “Adobe/Acrobat Reader DC/Reader/AcroApp/ENU/Viewer.aapp”).

The file contains a few lines; edit it so that the following line is the only remaining line:

<Application xmlns="" title="Viewer" id="Viewer" majorVersion="1" requiresDoc="true" minorVersion="0"/>

Now open Adobe Reader DC and the tools pane is gone, but the menu items still work.
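The Viewer.aapp edit above, done with a script rather than Notepad, as an added example that is not from Adobe or the original post: it backs the file up, then rewrites it so only the root <Application .../> element remains, keeping every attribute (including whatever xmlns value the real file carries) exactly as parsed. The sample file content, its child elements and its placeholder namespace are constructed.

```python
import shutil
import xml.etree.ElementTree as ET
from pathlib import Path
from xml.sax.saxutils import quoteattr


def strip_to_root(xml_text: str) -> str:
    """Return a one-line XML document consisting only of the root element and its attributes.

    Children are dropped; attribute values are re-quoted safely. Namespaced
    attributes are not expected in this file and are written as parsed.
    """
    root = ET.fromstring(xml_text)
    # ElementTree encodes a default namespace into the tag as "{uri}Application".
    if root.tag.startswith("{"):
        ns, local = root.tag[1:].split("}", 1)
    else:
        ns, local = None, root.tag
    parts = [local]
    if ns is not None:
        parts.append(f"xmlns={quoteattr(ns)}")
    parts += [f"{key}={quoteattr(value)}" for key, value in root.attrib.items()]
    return f"<{' '.join(parts)}/>"


def disable_tool_pane(viewer_aapp: Path) -> str:
    """Back up Viewer.aapp beside itself (once) and rewrite it as the stripped root element."""
    backup = viewer_aapp.with_name(viewer_aapp.name + ".bak")
    if not backup.exists():
        shutil.copy2(viewer_aapp, backup)
    stripped = strip_to_root(viewer_aapp.read_text(encoding="utf-8"))
    viewer_aapp.write_text(stripped + "\n", encoding="utf-8")
    return stripped


# Constructed stand-in for Viewer.aapp: placeholder namespace and child elements,
# root attributes as shown in the post.
SAMPLE_VIEWER_AAPP = """\
<Application xmlns="http://example.invalid/placeholder-ns" title="Viewer" id="Viewer" majorVersion="1" requiresDoc="true" minorVersion="0">
  <ToolPanel name="placeholder-right-hand-pane">
    <Item id="placeholder-item"/>
  </ToolPanel>
</Application>
"""

if __name__ == "__main__":
    print(strip_to_root(SAMPLE_VIEWER_AAPP))
```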

Life can get back to some normality.


Cryptowall 3.0

I have had a brush with Cryptowall 3.0.

Imagine this: visiting a website in your latest favourite browser (any browser: Google Chrome, IE, Firefox, any one of them) with a PC which has the latest version of everything (Adobe Flash, Java etc.) and up to date current antivirus, but you get hacked within 5 seconds.

No popups, no request to “allow this to download” or “allow this to run”. It just downloads and runs. You don’t feel it. The machine runs normally. (It even bypassed Microsoft UAC.)

Then … 28 PCs on your network, your Dropbox, your server, your NAS backup drives, your interstate user that is using VPN from a university interstate … are all encrypted and held for ransom.

The website you visited was a trusted website, one you trust implicitly and buy goods from. You had no reason to doubt the website. Nothing pops up strange … until the damage is done.

You call the company the website belongs to; they know nothing about it and pass you to their web developers. The web developers know nothing of this issue. They look further. All of their clients’ websites on their servers have been hacked. They take the servers offline.

Potentially thousands of people from around where you live use this service, surfing local websites for local businesses all now being held to ransom.

It could happen to anyone. It could happen to you or me.

It sounds like a work of fiction. Maybe an episode of CSI or NCIS? Nope. That is what happened.

So how did this website attack this person?

We found a back door in the WordPress code that ran the website, over the internet to Russia. This back door was used to gain access to the website, and then the code was modified to plant the malware onto visiting remote machines.

When figuring out how the website initially got hacked, I learnt that there are specific strings you can type into Google search.

This key search word shows you a list of every website where a certain file is accessible, the file likely used to allow this hack.

A hacker can click on this file and download it to their end. They open the file in something like Notepad … there is the username and password to the website in a “hash”. They crack the “hash” and log into the website, and edit the code to include the nasty back door to Russia.

So, using Google … and notepad … and a website for the back door to point to, you can hack a large number of websites, inject this code, then let people browse the website and get infected without any indication on how they got infected.

The file size of the website changes very little and you can reset the file date back to an older date. The webmaster does not know they are infecting people and it goes on for several days. All their backups are now full of the malware.

Then the hacker sits back and earns millions of dollars a day in ransom money.

It scares me that malicious code can be put on your PC and run, and you have no idea. It scares me that you can perform the original hack of the website using Google.

So, trying the Google trick myself, I found the passwords to a hospital website and their member logon database.

Very scary. (I will let the hospital know).

We found the original malicious code and set it up on our Malware testing machine.

We set up Wireshark to monitor what it does, and Sysinternals Process Monitor. We disconnected the internet and ran the virus. Nothing happened. Double clicking made the mouse change cursor, but then nothing.

After watching for a while, We connected the internet. Now the virus wakes up. It needed the internet to activate.

We double-click the file and it deletes itself. It appears in C:\XXXXX where xxxxxx is the random name of the EXE file. Then it copies itself into the user’s startup section of their profile start menu. It then looks out over the internet at numerous internet domains, hands over a cipher (encryption key) and starts encrypting files.

I had placed some bait in a folder called C:\$fodder (some Microsoft Word and Excel files). This virus went alphabetically through my drive letters and folders and encrypted all my useful files, leaving behind help_decrypt.html and help_decrypt.txt files in every folder, on the desktop and in my profile startup start menu folder, and then deleted the virus executable when done.

I am encrypted and held for ransom :)
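The bait-folder idea from the write-up above (Word and Excel files in C:\$fodder, help_decrypt.html and help_decrypt.txt appearing everywhere), turned into a canary check a defender can run on a schedule. This is an added example, not code from the original post; the folder contents, the renamed-file name and the 7.5 bits-per-byte entropy threshold are my own constructed values.

```python
import hashlib
import math
import re
from pathlib import Path

# Ransom-note names the post saw CryptoWall 3.0 drop in every folder it touched.
RANSOM_NOTE = re.compile(r"^help_decrypt\.(html|txt)$", re.I)
# Assumed threshold: ordinary Office documents sit well below this, ciphertext near 8.0.
ENTROPY_THRESHOLD = 7.5


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(snapshot: dict) -> dict:
    """Record SHA-256 of every bait file. snapshot maps filename -> content bytes."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in snapshot.items()}


def compare(manifest: dict, snapshot: dict) -> list:
    """Compare a later snapshot of the bait folder with the manifest; return (kind, name) findings."""
    findings = []
    for name, data in snapshot.items():
        if RANSOM_NOTE.match(name):
            findings.append(("ransom_note", name))
        elif name not in manifest:
            # CryptoWall 4.0 also renames files; an unknown name here is a rewritten canary.
            findings.append(("unexpected_file", name))
        elif hashlib.sha256(data).hexdigest() != manifest[name]:
            kind = "canary_encrypted" if entropy(data) >= ENTROPY_THRESHOLD else "canary_modified"
            findings.append((kind, name))
    for name in manifest:
        if name not in snapshot:
            findings.append(("canary_missing", name))
    return findings


def is_compromised(findings) -> bool:
    """True when anything that only ransomware would do to a bait folder was seen."""
    serious = {"ransom_note", "canary_encrypted", "canary_missing"}
    return any(kind in serious for kind, _ in findings)


def snapshot_dir(folder: Path) -> dict:
    """Read a real bait folder (e.g. C:\\$fodder) into the snapshot form used above."""
    return {p.name: p.read_bytes() for p in folder.iterdir() if p.is_file()}


# Constructed demo data standing in for the bait folder before and after infection.
BAIT = {
    "budget.xlsx": b"Quarterly budget\n" * 200,
    "letter.docx": b"Dear Sir or Madam, please find attached\n" * 100,
}


def _pseudo_ciphertext(n_blocks: int = 128) -> bytes:
    """Deterministic high-entropy bytes (chained SHA-256), standing in for encrypted content."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n_blocks))


AFTER_ATTACK = {
    "budget.xlsx": _pseudo_ciphertext(),        # encrypted in place
    "x8f3kq2.1a9b": _pseudo_ciphertext(),       # letter.docx encrypted and renamed (constructed name)
    "HELP_DECRYPT.HTML": b"<html>constructed note</html>",
    "HELP_DECRYPT.TXT": b"constructed note",
}


def demo() -> list:
    return compare(build_manifest(BAIT), AFTER_ATTACK)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
    print("compromised:", is_compromised(demo()))
```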

Technical details are at http://torblogjp5rjeyhx.onion/mickyj/cryptowall-3-0/

(Yes, it is on Tor. Only advanced computer users will know what to do to get to Tor and on the Tor network, I can post more details).


There is a new virus and I found it ….. TROJ_CRYPWALL.XXRS

I am as proud as can be. I found an unknown virus and my company was instrumental in it being included in new detection routines as of 23rd June 2015. I am proud to be helping keep the IT world safe, a world I work in every day and have helped create.

The virus is not named after me but it is my claim to 5 seconds of fame. Now …. to put it into extinction. It has to go. It is a Crypto and dangerous.

I saw several of these viruses arrive in my inbox, with different subjects and senders’ names. The one common thread was a malformed attachment. Example name: “check[1].zip size=16877”

(Contains 6d5770fd.exe(221184 bytes))

If you rename the attachment to a zip file, you can see the exe payload.
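An added example (not from the original post) of the gateway-side screening the CryptoWall 4.0 summary earlier on this page asks IT for: it looks inside zip attachments, flags .JS/.CHM/.EXE members and double extensions such as resume.doc.js, and identifies archives and executables by their first bytes, which is how the TROJ_CRYPWALL mail described here (a mangled attachment name hiding a zip that contains 6d5770fd.exe) is caught without renaming anything by hand. The sample attachments are constructed in the block, and the extension list is only the three types the post names.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Types the post asks IT to block at the mail gateway; extend for your environment.
BLOCKED_EXTENSIONS = {".js", ".chm", ".exe"}
ZIP_MAGIC = b"PK\x03\x04"
PE_MAGIC = b"MZ"
MAX_DEPTH = 3                         # nested archives to open before giving up
MAX_MEMBER_BYTES = 20 * 1024 * 1024   # refuse to inflate anything larger than this


def _suffixes(name: str) -> list:
    """Lower-cased extensions of a filename: 'Resume.doc.JS' -> ['.doc', '.js']."""
    return [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]


def screen_attachment(filename: str, data: bytes, depth: int = 0) -> list:
    """Return reasons to quarantine the attachment (an empty list means nothing was found)."""
    where = "attachment" if depth == 0 else f"nested level {depth}"
    findings = []
    exts = _suffixes(filename)
    if exts and exts[-1] in BLOCKED_EXTENSIONS:
        findings.append(f"{where}: '{filename}' has blocked type {exts[-1]}")
        if len(exts) > 1:  # resume.doc.js style: a script disguised as a document
            findings.append(f"{where}: '{filename}' hides {exts[-1]} behind {exts[-2]}")
    # Judge by content as well as by name: a renamed .exe still starts with MZ.
    if data.startswith(PE_MAGIC) and (not exts or exts[-1] != ".exe"):
        findings.append(f"{where}: '{filename}' is a Windows executable by content")
    if data.startswith(ZIP_MAGIC):
        if not exts or exts[-1] != ".zip":
            findings.append(f"{where}: '{filename}' is a zip archive not named .zip")
        if depth >= MAX_DEPTH:
            findings.append(f"{where}: '{filename}' nested too deep, not inspected")
            return findings
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.file_size > MAX_MEMBER_BYTES:
                        findings.append(f"{where}: member '{info.filename}' too large to inspect")
                        continue
                    findings.extend(screen_attachment(info.filename, zf.read(info), depth + 1))
        except zipfile.BadZipFile:
            findings.append(f"{where}: '{filename}' looks like a zip but cannot be parsed")
    return findings


def build_zip(members: dict) -> bytes:
    """Constructed test fixture: build an in-memory zip from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples modelled on the two mails described on this page: a
# "resume" that is really a .js file, and the TROJ_CRYPWALL mail whose mangled
# attachment name hid a zip containing 6d5770fd.exe (payload bytes are dummies).
FAKE_RESUME = ("resume.zip", build_zip({"resume.doc.js": b"// placeholder script body"}))
MANGLED_ZIP = ("check[1].zip size=16877", build_zip({"6d5770fd.exe": PE_MAGIC + b"\x90" * 64}))

if __name__ == "__main__":
    for name, data in (FAKE_RESUME, MANGLED_ZIP):
        print(name, screen_attachment(name, data))
```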

An example email:

From: bmack
Sent: Wednesday, 23 June 2015 12:28 AM
To: Michael
Subject: Hope this e-mail finds You well.

Good day!
Hope this e-mail finds You well.

Please be informed that we received the documents regarding the agreement No. 6489-245 dated from 3rd day of June.
However there are some forms missing.
We made the list of missing documents for Your ease (the list is attached below).
Please kindly check whether these forms are kept in your records.
In case you have any questions here are our contact details: 495-70-75. Feel free to give a call at any time.

Stacey Grimly,
Project Manager

If you see one of these, update your Antivirus. Delete the email. Don’t play with it.

Now, if you find something odd and your antivirus does not detect it, feel welcome to contact me. I will get it to Trend Micro, who will pull it apart. Once they have worked out how to detect and remove it, they share their info with other antivirus companies. At the end of the day, every one of these we knock out gets us one step closer to holding back the tide of these things.

