Is anybody else concerned by how many 'green ticks' there are for that? Now I know 'we' on CP would never run anything on our computers, but we do all head tech support for the family, right? They are not so wise!
It just appeared on our radar 24 hours ago or less.
AFAIK, signature will get released any time from our AV labs as well.
It's also a polymorphic one (if I got this one right), that's why analysts perform more tests on this one.
Also, if one reads VirusTotal list, it can be seen that:
- two vendors name it Trojan.Win32.Kryptik.BCISU and second Trojan.Win32.Kryptik.CISU (good thing a letter differs between two different vendors)
- others name it Trojan/Generic or Malware Gen, which is usually another name for "we know it is doing something bad but we don't really know what it is"
- Symantec signed it with Suspicious.Cloud.5 which is documented from 2010, but the virus is first seen on 2014/08/14 (yesterday); I don't know what to think here
- Sophos names it AIJV and also mentions it as AviraTR/Agent.CISU.1 (CISU again!)
All in all, I'm not an AV guy, but I know enough to read between the lines that this is
1. a 1-day item
2. drops on computer only if clicked and downloaded and executed (from Dropbox in the sample I have seen)
3. quite easy to detect and remove (registry key modification, relatively large size - 188 Kb)
* * *
That does not mean it is something the regular user can ignore.
But they do.
No matter how many times I tell my father
"if someone you don't know and looks suspicious pops up at the door, do you let him in? It's the same with programs; you don't know what it is, you don't trust who did it or why it pops up, close it and never look back"
he keeps clicking on Yes on anything that moves.
I promised myself that one day I will do a MessageBox with something like
"Is your mom a very nasty slut?"
I bet that at least 75% of the users will click on yes.
I seem to remember someone posting on CP a while ago that these phishing messages were written with intentionally poor grammar and spelling so that they target the more uneducated that are seemingly more liable to fall for the scam. That way they are focussing their efforts. Not sure on the legitimacy of that claim, but I can see some of the logic.