Daily Archives: December 13, 2010

Another Record Number of Windows Updates

Monster-patch Tuesday this coming one is. On Tuesday the 14th, Microsoft is releasing a record 17 security updates to patch 40 ongoing vulnerabilities in Windows.

Two of the 17 updates were tagged with Microsoft’s “critical” label, the highest threat ranking in its four-step scoring system. Another 14 were marked “important,” the second-highest rating, while the remaining update was labeled “moderate.”

Worthy of mention is that some of the patches are intended for resolving the 4 vulnerabilities that a notorious piece of malware – Stuxnet – exploited in the recent past.

As usual, if you have Automatic Updates turned on, there is no action required by the user except perhaps a restart once the updates are installed. If your computer is not set to download and install updates automatically, user intervention will be needed.

Ransomware

Ransomware. Such a funny coined word for such fun times we live in. A type of malware, ransomware holds either a computer or its data hostage and asks the user for a ransom in order to “release” the hostage. This type of malware (malicious software) has existed for some time, but its newest variant is proving to be a bit of a challenge in terms of recovering the lost information, and it has been detected circulating in the wild since late November.

Its name is Trojan-Ransom.Win32.GpCode.ax.

How can you recognize it? Users who become victims of this new variant will often see a pop-up window on their screen, or have their desktop background replaced by this message: “ATTENTION!!!!!! YOUR PERSONAL FILES WERE ENCRYPTED WITH A STRONG ALGORYTHM RSA-1024 AND YOU CAN’T GET AN ACCESS TO THEM WITHOUT MAKING OF WHAT WE NEED!” The ransom message ends with, “REMEMBER: DON’T TRY TO TELL SOMEONE ABOUT THIS MESSAGE IF YOU WANT TO GET YOUR FILES BACK! JUST DO ALL WE TOLD.”

What does it do? It encrypts the files on your computer’s hard disk drive, making it impossible to access or recover them. Past threats about the encryption strength have been bogus in some cases. Not this one. So as of this writing, there is no known way to decrypt the data to recover it.

What can you do about it? There are three actions to take. First is the usual preventive one. Have a good security setup so you don’t get infected in the first place, and have a frequently updated data backup to be ready for the worst. The second action is under the category of damage control. If you see any message on your desktop like the one above, turn off your computer as fast as you can. And I don’t mean go through the usual shutdown procedure. I mean press and hold the power button of your computer until it turns off (it usually takes about 5 seconds of holding the power button to force a sudden shutdown) or just yank the power cable (if your computer is a laptop, obviously yanking the power cable is not an option 🙂). The reason for this second action is that, if you act fast enough, you might be able to abort the encryption process that is destroying your information. Don’t turn the computer back on. The third action is a corrective one. Contact an expert so the necessary steps can be taken to remove the threat before it can resume its destructive work.