[AusNOG] CryptoLocker Virus

Daniel Pearson dpearson at pingco.com.au
Thu Oct 24 12:00:31 EST 2013


What makes it all worse is 5 out of 8 AVs I tested last night didn't pick it up...

I spun up a few VMs, infected them while having AV on them, and only 3 picked it up... Sophos, AVG and Trend.

The rest (Defender, Security Essentials, Kaspersky, etc.) didn't.

Patch released by MS for Defender now picks it up, but beware!

DP

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Robert Hudson
Sent: Thursday, 24 October 2013 11:52 AM
Cc: AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] CryptoLocker Virus

On 24 October 2013 11:27, Pinkerton, Eric (AU Sydney) <Eric.Pinkerton at baesystemsdetica.com> wrote:

IMHO, the 'best' policy is a combination of many things, starting with training your end users to spot dodgy looking links, filtering egress traffic, patching, patching and more patching, not using XP with IE6, monitoring your logs, changing your default password from 'password' and giving people permissions in line with their requirements (i.e. not making everyone a domain admin) etc. etc.

Unfortunately, much of that relies on educating users, and if educating users was going to work, it'd have done so already. :(