Is anybody else concerned by how many 'green ticks' there are for that? Now I know 'we' on CP would never run anything on our computers, but we do all head tech support for the family, right? They are not so wise!
It just appeared on our radar 24 hours ago or less.
AFAIK, a signature will be released any time now from our AV labs as well.
It's also a polymorphic one (if I got this one right), that's why analysts perform more tests on this one.
Also, if one reads the VirusTotal list, it can be seen that:
- two vendors name it Trojan.Win32.Kryptik.BCISU and Trojan.Win32.Kryptik.CISU respectively (good thing only a letter differs between two different vendors)
- others name it Trojan/Generic or Malware Gen, which is usually another name for "we know it is doing something bad but we don't really know what it is"
- Symantec signed it with Suspicious.Cloud.5, which is documented from 2010, but the virus was first seen on 2014/08/14 (yesterday); I don't know what to think here
- Sophos names it AIJV and also mentions it as AviraTR/Agent.CISU.1 (CISU again!)
All in all, I'm not an AV guy, but I know enough to read between the lines that this is
1. a 1-day item
2. dropped on a computer only if clicked, downloaded and executed (from Dropbox in the sample I have seen)
3. quite easy to detect and remove (registry key modification, relatively large size - 188 KB)
* * *
That does not mean it is something the regular user can ignore.
But they do.
No matter how many times I tell my father
"if someone you don't know and who looks suspicious pops up at the door, do you let him in? It's the same with programs; you don't know what it is, you don't trust who made it or why it pops up, close it and never look back"
he keeps clicking Yes on anything that moves.
I promised myself that one day I will do a MessageBox with something like
"Is your mom a very nasty slut?"
I bet that at least 75% of the users will click on Yes.
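The VirusTotal list discussed above mixes specific family names (the two Kryptik variants), generic or heuristic verdicts (Trojan/Generic, Malware Gen, Suspicious.Cloud) and vendors that show no detection at all. The script below is an added triage example, not code from the original thread or from VirusTotal; it runs over a constructed sample modelled on the labels quoted in the post (the vendor names other than Symantec, Sophos and Avira are placeholders, and the full Sophos label is assumed since only its AIJV suffix is quoted) and reports the detection ratio, how many vendors agree on a named family, and how many verdicts are merely generic.

```python
"""Triage helper for a VirusTotal-style vendor-by-vendor result list.

Added example, not code from the original post. It answers two questions
the post raises: how many vendors still show a 'green tick' (no detection),
and how many of the detections are specific family names versus generic
'we know it's bad but not what it is' labels.
"""
import re
from collections import Counter

# Constructed sample modelled on the vendor labels quoted in the post.
# VendorA..VendorG are placeholders; the Sophos label is assumed (only
# the 'AIJV' suffix is quoted). None means no detection (a 'green tick').
SAMPLE_SCAN = {
    "VendorA": "Trojan.Win32.Kryptik.BCISU",
    "VendorB": "Trojan.Win32.Kryptik.CISU",
    "VendorC": "Trojan/Generic",
    "VendorD": "Malware Gen",
    "Symantec": "Suspicious.Cloud.5",
    "Sophos": "Troj/Agent-AIJV",
    "Avira": "TR/Agent.CISU.1",
    "VendorE": None,
    "VendorF": None,
    "VendorG": None,
}

# Tokens that describe platform or file type rather than a malware family.
PLATFORM_TOKENS = {"trojan", "troj", "tr", "win32", "w32", "virus", "malware"}
# Tokens that signal a generic or heuristic verdict rather than a named family.
GENERIC_TOKENS = {"generic", "gen", "suspicious", "heur", "heuristic", "cloud", "agent"}


def tokenize(label):
    """Split a vendor label on the separators vendors commonly use."""
    return [t for t in re.split(r"[./:\-_ ]+", label) if t]


def is_generic(label):
    """True if any token marks the verdict as generic/heuristic."""
    return any(t.lower() in GENERIC_TOKENS for t in tokenize(label))


def family_of(label):
    """Return the family token of a label, or None for generic verdicts."""
    for t in tokenize(label):
        low = t.lower()
        if low in PLATFORM_TOKENS or low.isdigit():
            continue          # skip platform/type prefixes and version numbers
        if low in GENERIC_TOKENS:
            return None       # first meaningful token is generic: no family
        return t
    return None


def summarize(scan):
    """Aggregate a {vendor: label-or-None} mapping into triage figures."""
    detected = {v: l for v, l in scan.items() if l}
    families = Counter(f for f in (family_of(l) for l in detected.values()) if f)
    generic = sorted(v for v, l in detected.items() if is_generic(l))
    return {
        "vendors": len(scan),
        "detected": len(detected),
        "ratio": f"{len(detected)}/{len(scan)}",
        "undetected": sorted(v for v, l in scan.items() if not l),
        "families": dict(families),
        "generic_verdicts": generic,
    }


def report(scan):
    """Render the summary as a few human-readable lines."""
    s = summarize(scan)
    lines = [
        f"detections: {s['ratio']} "
        f"({len(s['undetected'])} green ticks: {', '.join(s['undetected'])})"
    ]
    for fam, n in sorted(s["families"].items(), key=lambda kv: -kv[1]):
        lines.append(f"family {fam}: {n} vendor(s) agree")
    lines.append(
        f"generic/heuristic verdicts: {len(s['generic_verdicts'])} "
        f"({', '.join(s['generic_verdicts'])})"
    )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_SCAN))
```

On the constructed sample the script reports 7/10 detections, two vendors agreeing on the Kryptik family, and five verdicts that are generic or heuristic, which is the practical reading of the post: a low detection count is worrying, but a high one built mostly from "Generic" and "Suspicious" labels still tells a support person little about what the file actually does.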
I seem to remember someone posting on CP a while ago that these phishing messages were written with intentionally poor grammar and spelling so that they target the more uneducated that are seemingly more liable to fall for the scam. That way they are focussing their efforts. Not sure on the legitimacy of that claim, but I can see some of the logic.
these phishing messages were written with intentionally poor grammar and spelling
This is the conclusion reached by the Freakonomics team and published in "Think Like A Freak" and other works thereof. It makes sense. Your average scammer doesn't want to be bothered with anybody who has the nous to spot the danger at some point. That's just wasted time and effort for no reward. So they're more than happy for the likes of us to dismiss their mail as spam/scam and maybe have a giggle at the ineptitude before binning it. It's zero loss after all (they don't even have to pay for postage any more). Their only interest is in those who can be fooled.