Angler Exploit Kit Evasion Techniques Keep Cryptowall Thriving

msm1267 writes: Since the Angler Exploit Kit began pushing the latest version of Cryptowall ransomware, the kit has gone to great lengths to evade detection from IDS and other security technologies. The latest tactic is an almost-daily change to URL patterns used by the kit in HTTP GET requests for the Angler landing page, requests for a Flash exploit, and requests for the Cryptowall 3.0 payload. Traffic patterns as of yesterday are almost unrecognizable compared to those of as recent as three weeks ago.
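As an added illustration (not part of the submission or of the linked article), the Python below shows why a detection rule keyed to a fixed URL path stops firing once a kit rotates its URL patterns, and contrasts it with a rule keyed to the request sequence the summary describes: a landing page, then a Flash object, then a binary payload, all from the same host within a short window. Every host, path and log line here is constructed for the example; the three-stage order, the 60-second window and the content types used as stage markers are assumptions for illustration, not observed Angler traffic.

```python
"""
Added example: fixed-URL signature vs. request-sequence detection over
constructed proxy logs. Nothing here is taken from the Slashdot post.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy-log lines: "<iso-timestamp> <client> <method> <url> <content-type>".
# Lines 1-3 mimic an older URL scheme, lines 4-6 a rotated one, lines 7-9 benign traffic.
SAMPLE_LOG = """\
2015-06-10T09:00:01 10.0.0.5 GET http://cdn-a.invalid/xa1/k9.html text/html
2015-06-10T09:00:04 10.0.0.5 GET http://cdn-a.invalid/xa1/q7.swf application/x-shockwave-flash
2015-06-10T09:00:09 10.0.0.5 GET http://cdn-a.invalid/xa1/z2 application/octet-stream
2015-07-02T14:00:02 10.0.0.9 GET http://cdn-b.invalid/b44/?v=a8x1 text/html
2015-07-02T14:00:05 10.0.0.9 GET http://cdn-b.invalid/b44/rt application/x-shockwave-flash
2015-07-02T14:00:11 10.0.0.9 GET http://cdn-b.invalid/b44/m0 application/octet-stream
2015-07-02T14:01:00 10.0.0.7 GET http://news.invalid/index.html text/html
2015-07-02T14:01:02 10.0.0.7 GET http://news.invalid/player.swf application/x-shockwave-flash
2015-07-02T14:20:30 10.0.0.7 GET http://downloads.invalid/setup.exe application/octet-stream
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Parse the constructed log format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, method, url, ctype = m.groups()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "method": method,
            "url": url,
            "host": urlparse(url).hostname,
            "ctype": ctype,
        })
    return records


def signature_hits(records, pattern):
    """The brittle approach: match a fixed regex against the URL only."""
    rx = re.compile(pattern)
    return [r for r in records if rx.search(r["url"])]


# Assumed stage markers: landing page, Flash object, binary payload.
STAGES = ("text/html", "application/x-shockwave-flash", "application/octet-stream")


def detect_exploit_chains(records, window_seconds=60):
    """
    Flag a client that fetches all three stages, in order, from one host
    within window_seconds. No URL path is inspected, so rotating paths does
    not affect the result.
    """
    alerts = []
    by_client = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_client[r["client"]].append(r)

    for client, recs in by_client.items():
        for i, first in enumerate(recs):
            if first["ctype"] != STAGES[0]:
                continue
            stage, chain = 1, [first]
            deadline = first["ts"] + timedelta(seconds=window_seconds)
            for r in recs[i + 1:]:
                if r["ts"] > deadline:
                    break
                if r["host"] == first["host"] and r["ctype"] == STAGES[stage]:
                    chain.append(r)
                    stage += 1
                    if stage == len(STAGES):
                        alerts.append({
                            "client": client,
                            "host": first["host"],
                            "start": first["ts"],
                            "urls": [c["url"] for c in chain],
                        })
                        break
    return alerts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("fixed /xa1/ signature hits:", len(signature_hits(recs, r"/xa1/")))
    for a in detect_exploit_chains(recs):
        print("chain:", a["client"], a["host"], a["start"], a["urls"])
```

The fixed `/xa1/` signature matches only the first day's three requests and misses the rotated `/b44/` scheme entirely, while the sequence rule raises one alert per day and stays quiet for the benign client, whose binary download comes from a different host and outside the window. In a real deployment the content-type check would be replaced by magic-byte inspection of the response body, and overlapping alerts from several landing-page fetches to the same host would be collapsed.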
This discussion has been archived. No new comments can be posted.

  • by Okian Warrior ( 537106 ) on Thursday July 02, 2015 @02:46PM (#50035159) Homepage Journal

    As many people have pointed out, it's straightforward to set up a honeypot that triggers the exploit, pay the ransom, and then follow the money.

    Many people are affected by ransomware. If the US made fixing this problem a priority, many *people* would be relieved of anguish and suffering.

    Instead, the feds look into crimes against corporations. How's that investigation into fiber cutting in San Francisco coming along?

    Or crimes against authority. What was the cost versus benefit of the Silk Road investigation?

    If the US made *people* a priority, it would get done.

    (And for the record, Bitcoin is not anonymous and we have agreements with other countries for criminal activity.)

    • by mlts ( 1038732 )

      Now that's the rub. All it takes is for the trail to hit a country that is overtly hostile to the US, or just not willing to cooperate, and the trail goes cold. For example, if the perp who made malware tools was situated in Yemen, Brazil, or Venezuela, the local government would be giving the person accolades for doing such a thing.

      As for Bitcoins, they are definitely traceable. However, efforts like tumblers and CoinJoin may be new and holes found, but they are getting better, and if combined with an e

  • by Anonymous Coward

    https://www.virustotal.com/en/file/2dfd43d6776b5712e5fd9d82d3a6b5d0097d2b9371915539ed0b88f4097224a8/analysis/

    This sample came in nearly a day ago. When I first saw it hours after, only 5 detected it. As of this posting it's roughly at 28/56. The other half that don't detect it is the lower end of the AV spectrum, along with MSE.

    It took about 6 hours after the sample came for the heavy dogs (NOD32, Kaspersky, BitDefender, etc.) to detect it.

    • Comment removed based on user account deletion
      • This may be our saving grace, something as simple as doing one's work in VMs, using the bare metal OS pretty much as a hypervisor and method to back up the VM images. With SSDs, this makes the job easier (because booting an OS isn't that I/O intensive, but you have multiple instances fighting for the drive head on conventional HDDs, which causes I/O slowdowns across the board.)

        VMs are one of the few tools that can fight ransomware effectively. If the software doesn't play and deletes itself, no major loss.

        • Comment removed based on user account deletion
