Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: WhiskeyX
According to the writeups at CERT and BleepingComputer this is a windows only infection. BleepingComputer goes into excruciating detail on this. This does not infect Linux Boxen, period, end of story.

I have read of an imitator that does run on Mac that looks like Cryptolocker but doesn't actually encrypt the files. This is written in Java so it could also infect Linux if you were to be su when it arrived. Shouldn't routinely be the superuser. Not prudent.

113 posted on 12/29/2013 7:02:12 AM PST by Mycroft Holmes (<= Mash name for HTML Xampp PHP C JavaScript primer. Programming for everyone.)
[ Post Reply | Private Reply | To 112 | View Replies ]

To: Mycroft Holmes

“According to the writeups at CERT and BleepingComputer this is a windows only infection. BleepingComputer goes into excruciating detail on this. This does not infect Linux Boxen, period, end of story.”

That is where you are wrong, because it is merely the beginning of a story which is still unfolding. Yes, it is true that CERT reported it was only a Windows vulnerability to the best of their knowledge at the time (at least the best of their disclosable knowledge).

US-CERT United States Computer Emergency Readiness Team
Alert (TA13-309A)
CryptoLocker Ransomware Infections
Original release date: November 05, 2013 | Last revised: November 18, 2013
http://www.us-cert.gov/ncas/alerts/TA13-309A

Nonetheless, as many of the news reports said Cryptolocker only affected MS Windows computers at the time of those news reports, they also frequently acknowledged it was only a matter of time before Cryptolocker was likely to also affect Apple and Linux systems. Many of these news reports making these claims date from September 2013 through early November 2013.

It is now the end of December 2013, and we now have an unconfirmed report from a Computer Science graduate, mature career IT professional, and current instructor at a college computer laboratory. If his report is accurate, Cryptolocker is now affecting Linux systems which are not running a vulnerable MS Windows VM (Virtual Machine). Like you, I commented upon the reports that claimed Cryptolocker currently affected only MS Windows system, and he replied by explaining how their Linux systems were affected and the US-CERT alert was now no longer accurate.

It doesn’t do any good to say Cryptolocker is incapable of breaching security to obtain privileges as a superuser with access to root. We have already seen how vulnerabilities in the past have given malware access to superuser privileges and root.

US-CERT United States Computer Emergency Readiness Team
Linux Root Access Vulnerabilities
Original release date: October 25, 2010 | Last revised: October 23, 2012
http://www.us-cert.gov/ncas/current-activity/2010/10/25/Linux-Root-Access-Vulnerabilities


114 posted on 12/29/2013 7:46:03 AM PST by WhiskeyX ( provides a system for registering complaints about unfair broadcasters and the ability to request a)
[ Post Reply | Private Reply | To 113 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson