
Thread: New Variant of Gpcode Found

  1. #1
    What's in a Name? Guest

    New Variant of Gpcode Found


    Has everyone heard about this one?

    From ZDNet
    "Virus analysts at Kaspersky Lab have intercepted a new variant of
    Gpcode, a malicious virus that encrypts important files on an infected
    desktop and demands payment for a key to recover the data."

    http://blogs.zdnet.com/security/?p=1251&tag=nl.e539

    max
    --
    Virus Removal http://max.shplink.com/removal.html
    I block all spam/googlegroupers-you can too!
    http://improve-usenet.org/index.html
    Change nomail.afraid.org to gmail.com to reply by email.

  2. #2
    David H. Lipman Guest

    Re: New Variant of Gpcode Found

    From: "What's in a Name?" <maxwachtel@nomail.afraid.org>

    |
    | Has everyone heard about this one?
    |
    | From ZDNet
    | "Virus analysts at Kaspersky Lab have intercepted a new variant of
    | Gpcode, a malicious virus that encrypts important files on an infected
    | desktop and demands payment for a key to recover the data."
    |
    | http://blogs.zdnet.com/security/?p=1251&tag=nl.e539
    |
    | max

    Yepper...

    My understanding is miscreants are using Blog Spots to help spread this Trojan.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  3. #3
    VanguardLH Guest

    Re: New Variant of Gpcode Found

    "What's in a Name?" wrote in
    <news:484d77aa$0$3349$4c368faf@roadrunner.com>:

    > Has everyone heard about this one?
    >
    > From ZDNet
    > "Virus analysts at Kaspersky Lab have intercepted a new variant of
    > Gpcode, a malicious virus that encrypts important files on an infected
    > desktop and demands payment for a key to recover the data."
    >
    > http://blogs.zdnet.com/security/?p=1251&tag=nl.e539
    >
    > max



    NOTE: Inappropriate use of FollowUp-To header was ignored. Original
    list of newsgroups was used for this reply.


    --- Rant on inappropriate use of the FollowUp-To header ---

    Don't use the FollowUp-To header. Posting to, say, 3 newsgroups but
    moving replies to just 1 of them or to a completely different one means
    you disconnect the visitors of those other 2 (or 3) newsgroups from the
    rest of the discussion. If a newsgroup is appropriate for your post
    then it is also appropriate for the replies. Or, conversely, if the
    continued discussion of your post is not appropriate in all the
    newsgroups to which you cross-posted then you should not have posted to
    those other newsgroups in the first place. You are using the
    FollowUp-To header to move replies to YOUR "home" newsgroup but which
    the users of the other newsgroups may not visit. After all, if you
    cross-post and include your "home" newsgroup then you'll see all those
    replies in your home newsgroup and meanwhile all the other users can
    still see the replies in their newsgroup where you decided to also
    publish your post.

    In http://www.faqs.org/faqs/usenet/primer/part1/, it says, "For a
    cross-post, you may want to set the Followup-To: header line to the most
    suitable group for the rest of the discussion". Read another way, that
    means you disconnect the discussion from all the visitors of the other
    newsgroups to which you decided to publish your post. Why did you
    publish to those other newsgroups if you are going to yank the
    discussion away from those users and perhaps even from the respondents
    you were attempting to elicit? It is exasperating to post a reply and
    never see it in the newsgroup where you read the original post. If your
    post was appropriate for all the groups to which you cross-posted then
    why wouldn't those same groups be appropriate for the replies? To yank
    away the discussion to your "home" group is rude since that is probably
    not the "home" group for your respondents. You wanted replies which may
    require further replies but now your respondents no longer see the
    thread in the newsgroup that they visit to where you published your
    post. Also, the respondents may not know if their reply is appropriate
    in the "home" group that you happen to choose. In general, malcontents
    and spammers use the FollowUp-To header to hide negative replies to
    their flame or spam posts, often sending the replies off to a *.test
    newsgroup. Is that the company of users to which you want to be
    associated?

    There are some cases where FollowUp-To should be used. For example, say
    a newsgroup is supposed to only get used for citing the content of a
    spam e-mail. Discussions about that spam are not supposed to be
    published in that citing newsgroup. Just the exhibits are published
    there. If someone wants to discuss that particular spam, their replies
    should go into a different newsgroup meant for those discussions. I
    believe that is how some of the NANAE newsgroups operate but the
    principle may apply elsewhere; however, it is a rare few newsgroups where
    FollowUp-To is appropriate. For the vast majority of newsgroups,
    FollowUp-To is *not* appropriate. If you do not want to continue the
    discussion in the other newsgroups then don't cross-post over there to
    only then use FollowUp-To to yank away the continued discussion. If the
    discussion is not appropriate in those other newsgroups then it seems
    you have self-nominated your post to be off-topic and hence spam.

    If you do use the FollowUp-To header, you are expected per netiquette to
    alert the readers of your post that you used that header. Be polite and
    add a note (at the start of your post) saying that you used the header
    (ex., "WARNING: FollowUp-To was used and points to <newsgroup>"). You
    might also want to explain why you consider any further discussion in
    the other newsgroups is inappropriate despite your rudeness in posting
    to those other newsgroups. Many times respondents wonder where their
    reply post went because they expect to see it in the group they visited
    and where they read your post. Not all NNTP clients alert the user that
    the poster used the FollowUp-To header. Think about it: you post to
    multiple newsgroups but yank the replies to a different newsgroup than
    where your respondents visited, then you need more help and reply to
    those replies but which are now only in your "home" newsgroup, but the
    respondents won't see their posts nor will they see your replies to them
    asking for more help. FollowUp-To is not required when you cross-post
    since your "home" newsgroup should be one of those that were specified in
    the list of newsgroups. You'll watch the discussion in your home
    newsgroup and the respondents or lurkers can watch that same discussion
    in their own newsgroup. If you don't want replies to show up in all the
    newsgroups to which you cross-posted then don't cross-post over there in
    the first place!

    When crossposting, there are not multiple copies of your post that
    waste bandwidth for each to get them propagated to other NNTP servers
    and there aren't multiple copies of your post consuming disk space. A
    single copy gets sent to the other NNTP servers and a single copy
    resides on each NNTP server with pointers to it to make it show up in
    multiple newsgroups. You aren't saving bandwidth or disk space by
    redirecting replies for a cross-posted message to a single newsgroup.
    You are just being rude to the visitors of the other newsgroups to which
    you cross-posted but tried to yank away the discussion.

    --- End of rant ---

  4. #4
    Dustin Cook Guest

    Re: New Variant of Gpcode Found

    What's in a Name? <maxwachtel@nomail.afraid.org> wrote in news:484d77aa$0
    $3349$4c368faf@roadrunner.com:

    > Has everyone heard about this one?
    >
    > From ZDNet
    > "Virus analysts at Kaspersky Lab have intercepted a new variant of
    > Gpcode, a malicious virus that encrypts important files on an infected
    > desktop and demands payment for a key to recover the data."
    >
    > http://blogs.zdnet.com/security/?p=1251&tag=nl.e539
    >
    > max


    I haven't seen this one, but this has been done before.....


    --
    Regards,
    Dustin Cook - http://bughunter.it-mate.co.uk
    BugHunter v2.2e AntiMalware Removal Utility


  5. #5
    What's in a Name? Guest

    Re: New Variant of Gpcode Found


    On 6/9/2008 7:17 PM, Dustin Cook after much thought, came up with this jewel:
    > What's in a Name? <maxwachtel@nomail.afraid.org> wrote in news:484d77aa$0
    > $3349$4c368faf@roadrunner.com:
    >
    >> Has everyone heard about this one?
    >>
    >> From ZDNet
    >> "Virus analysts at Kaspersky Lab have intercepted a new variant of
    >> Gpcode, a malicious virus that encrypts important files on an infected
    >> desktop and demands payment for a key to recover the data."
    >>
    >> http://blogs.zdnet.com/security/?p=1251&tag=nl.e539
    >>
    >> max

    >
    > I haven't seen this one, but this has been done before.....
    >
    >

    Seems that VXers have been busy the last 18 months. If this one starts
    spreading, only working backups can save you.
    --
    Virus Removal http://max.shplink.com/removal.html
    I block all spam/googlegroupers-you can too!
    http://improve-usenet.org/index.html
    Change nomail.afraid.org to gmail.com to reply by email.

  6. #6
    Rhonda Lea Kirk Fries Guest

    Re: New Variant of Gpcode Found

    VanguardLH wrote:
    > "What's in a Name?" wrote in
    > <news:484d77aa$0$3349$4c368faf@roadrunner.com>:
    >
    >> Has everyone heard about this one?
    >>
    >> From ZDNet
    >> "Virus analysts at Kaspersky Lab have intercepted a new variant of
    >> Gpcode, a malicious virus that encrypts important files on an
    >> infected desktop and demands payment for a key to recover the data."
    >>
    >> http://blogs.zdnet.com/security/?p=1251&tag=nl.e539
    >>
    >> max

    >
    >
    > NOTE: Inappropriate use of FollowUp-To header was ignored. Original
    > list of newsgroups was used for this reply.
    >
    >
    > --- Rant on inappropriate use of the FollowUp-To header ---
    >
    > Don't use the FollowUp-To header. Posting to, say, 3 newsgroups but
    > moving replies to just 1 of them or to a completely different one
    > means you disconnect the visitors of those other 2 (or 3) newsgroups
    > from the rest of the discussion. If a newsgroup is appropriate for
    > your post then it is also appropriate for the replies. Or,
    > conversely, if the continued discussion of your post is not
    > appropriate in all the newsgroups to which you cross-posted then you
    > should not have posted to those other newsgroups in the first place.
    > You are using the FollowUp-To header to move replies to YOUR "home"
    > newsgroup but which the users of the other newsgroups may not visit.
    > After all, if you cross-post and include your "home" newsgroup then
    > you'll see all those replies in your home newsgroup and meanwhile all
    > the other users can still see the replies in their newsgroup where
    > you decided to also publish your post.
    >
    > In http://www.faqs.org/faqs/usenet/primer/part1/, it says, "For a
    > cross-post, you may want to set the Followup-To: header line to the
    > most suitable group for the rest of the discussion".


    Exactly. He did the right thing.

    > Read another
    > way, that means you disconnect the discussion from all the visitors
    > of the other newsgroups to which you decided to publish your post.


    In your not-humble, ignorant opinion.

    <snipped evidence that Vanguard has way too much time on his hands and a
    boulder on his shoulder>

    You're a control freak.

    Now say something about my sig.

    --
    Rhonda Lea Kirk Fries

    If a man is offered a fact which goes against his instincts, he will
    scrutinize it closely, and unless the evidence is overwhelming, he will
    refuse to believe it. If, on the other hand, he is offered something
    which affords a reason for acting in accordance to his instincts, he
    will accept it even on the slightest evidence. The origin of myths is
    explained in this way. - Bertrand Russell



  7. #7
    James Egan Guest

    Re: New Variant of Gpcode Found


    On Tue, 10 Jun 2008 09:33:40 -0400, "Rhonda Lea Kirk Fries"
    <nimue@databasix.com> wrote:

    >> In http://www.faqs.org/faqs/usenet/primer/part1/, it says, "For a
    >> cross-post, you may want to set the Followup-To: header line to the
    >> most suitable group for the rest of the discussion".

    >
    >Exactly. He did the right thing.


    I agree with Mr Vanguard. The FAQ is wrong (if that's what it actually
    still says).



    Jim.


  8. #8
    Rhonda Lea Kirk Fries Guest

    Re: New Variant of Gpcode Found

    James Egan wrote:
    > On Tue, 10 Jun 2008 09:33:40 -0400, "Rhonda Lea Kirk Fries"
    > <nimue@databasix.com> wrote:
    >
    >>> In http://www.faqs.org/faqs/usenet/primer/part1/, it says, "For a
    >>> cross-post, you may want to set the Followup-To: header line to the
    >>> most suitable group for the rest of the discussion".

    >>
    >> Exactly. He did the right thing.

    >
    > I agree with Mr Vanguard. The FAQ is wrong (if that's what it actually
    > still says).


    http://www.cs.tut.fi/~jkorpela/usenet/xpost.html

    See the last paragraph.

    http://www.cybernothing.org/faqs/net-abuse-faq.html#2.3


    We just disagree on this. What Max did is still the standard, regardless
    of opinions to the contrary.

    --
    Rhonda Lea Kirk Fries

    If a man is offered a fact which goes against his instincts, he will
    scrutinize it closely, and unless the evidence is overwhelming, he will
    refuse to believe it. If, on the other hand, he is offered something
    which affords a reason for acting in accordance to his instincts, he
    will accept it even on the slightest evidence. The origin of myths is
    explained in this way. - Bertrand Russell



  9. #9
    VanguardLH Guest

    Re: New Variant of Gpcode Found

    "Rhonda Lea Kirk Fries" wrote in
    <news:g2lvnm$6lt$1@blackhelicopter.databasix.com>:

    > VanguardLH wrote:
    >
    >> NOTE: Inappropriate use of FollowUp-To header was ignored. Original
    >> list of newsgroups was used for this reply.
    >>
    >>
    >> --- Rant on inappropriate use of the FollowUp-To header ---
    >>
    >> Don't use the FollowUp-To header. Posting to, say, 3 newsgroups but
    >> moving replies to just 1 of them or to a completely different one
    >> means you disconnect the visitors of those other 2 (or 3) newsgroups
    >> from the rest of the discussion. If a newsgroup is appropriate for
    >> your post then it is also appropriate for the replies. Or,
    >> conversely, if the continued discussion of your post is not
    >> appropriate in all the newsgroups to which you cross-posted then you
    >> should not have posted to those other newsgroups in the first place.
    >> You are using the FollowUp-To header to move replies to YOUR "home"
    >> newsgroup but which the users of the other newsgroups may not visit.
    >> After all, if you cross-post and include your "home" newsgroup then
    >> you'll see all those replies in your home newsgroup and meanwhile all
    >> the other users can still see the replies in their newsgroup where
    >> you decided to also publish your post.
    >>
    >> In http://www.faqs.org/faqs/usenet/primer/part1/, it says, "For a
    >> cross-post, you may want to set the Followup-To: header line to the
    >> most suitable group for the rest of the discussion".

    >
    > Exactly. He did the right thing.
    >
    >> Read another
    >> way, that means you disconnect the discussion from all the visitors
    >> of the other newsgroups to which you decided to publish your post.

    >
    > In your not-humble, ignorant opinion.


    You can't even follow the logic, can you? What the hell do you think
    happens when the FollowUp-To header is used (and obeyed)?

    Those FAQs regurgitate netiquette that is over 20 years old and were
    based on NNTP clients actually notifying their users that a FollowUp-To
    header had been used or it could be seen in the console-mode NNTP client
    when it displayed the headers. Some NNTP clients will show the
    FollowUp-To header and some even alert that a post used it when you
    reply. Many NNTP clients provide no such information. Also, you will
    notice that those FAQs never qualify why they are recommending that
    behavior. They just regurgitate what they read somewhere else.

    If someone told you that you needed their fantastic memory
    defragmentation program without explaining why, would you actually get
    it despite that memory access is random, anyway?

    > You're a control freak.


    I didn't realize that I had such a huge virtual gun pointed at his and
    your heads that you considered my replies as anything other than a
    strong suggestion regarding netiquette. Obviously you're too lazy to
    figure out the logic in the use of that header and are some lemming that
    follows what someone wrote in a "FAQ". Okay, so continue being a
    lemming and follow my "FAQ". Duh! Like anyone can prevent you from
    making your own anarchical choices in Usenet, uh huh.

    Apparently you can't even figure out that you are spewing your own
    opinion regarding the use of this header. Gee, then you must be a
    control freak, too. (rolls eyes)

  10. #10
    VanguardLH Guest

    Re: New Variant of Gpcode Found

    "What's in a Name?" wrote in
    <news:484d77aa$0$3349$4c368faf@roadrunner.com>:

    > Has everyone heard about this one?
    >
    > From ZDNet
    > "Virus analysts at Kaspersky Lab have intercepted a new variant of
    > Gpcode, a malicious virus that encrypts important files on an infected
    > desktop and demands payment for a key to recover the data."
    >
    > http://blogs.zdnet.com/security/?p=1251&tag=nl.e539
    >
    > max


    NOTE: FollowUp-To ignored. Reply posted to original list of newsgroups.


    From a cursory scan of the articles and the ones to which they link, and
    from the dearth of information provided there, the pest infiltrates a
    system and then encrypts files to hold them ransom until the user pays
    to get a utility to decrypt them. The pest itself is not encrypted (as
    something would have to be unencrypted to decrypt it to run that executable,
    but then that other program is the pest). So the pest itself would
    still be detectable even if morphed (since polymorphism for a large
    number of variants will vaporize when the program gets loaded into
    memory). So the anti-malware products could still alert on the pest
    based on signature and definitely on heuristics if loaded (by watching
    which apps use the crypto API).

    Maybe this threat will make some users realize that they really should
    be doing regular backups.
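The post above argues that a file-encrypting pest can be caught on behaviour rather than signature, by watching which programs produce encrypted output. The sketch below is an added illustration of that heuristic and is not code from any poster or from the ZDNet article: it scores file-write events by Shannon entropy and raises an alert when one process writes several high-entropy files inside a short window, which is what a bulk encryptor looks like from the file system's side while an editor saving text or an archiver writing two zips does not. The event format, process names, paths, the pseudo-ciphertext generator and the thresholds (7.0 bits, 5 files, 60 seconds) are all constructed assumptions for the example, not values from the thread.

```python
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class WriteEvent:
    """One observed file write (constructed event shape, not a real sensor format)."""
    ts: float      # seconds since epoch
    pid: int
    image: str     # process image name
    path: str
    data: bytes    # leading bytes of what was written


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ~8.0 for ciphertext or compressed data, ~4-5 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, window_s=60.0, min_files=5, entropy_threshold=7.0):
    """Return (pid, image, count) for each process that wrote at least
    `min_files` high-entropy files within any `window_s`-second window."""
    per_proc = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if shannon_entropy(e.data) >= entropy_threshold:
            per_proc[(e.pid, e.image)].append(e.ts)

    alerts = []
    for (pid, image), stamps in per_proc.items():
        lo = 0
        for hi in range(len(stamps)):
            # slide the window start forward until it spans <= window_s
            while stamps[hi] - stamps[lo] > window_s:
                lo += 1
            if hi - lo + 1 >= min_files:
                alerts.append((pid, image, hi - lo + 1))
                break  # one alert per process is enough
    return alerts


def _pseudo_ciphertext(n: int = 1024) -> bytes:
    # Constructed stand-in for encrypted output: 167 is coprime to 256, so the
    # map is a permutation of 0..255 and every byte value is equally frequent
    # (entropy exactly 8.0). No real encryption is performed here.
    return bytes((i * 167 + 13) % 256 for i in range(n))


PLAINTEXT = b"Quarterly figures, draft three. " * 32
CIPHERLIKE = _pseudo_ciphertext()

# Constructed sample events: an editor, an archiver, and a bulk encryptor.
SAMPLE_EVENTS = [
    WriteEvent(1000.0, 1111, "notepad.exe", r"C:\Users\max\Documents\q1.txt", PLAINTEXT),
    WriteEvent(1005.0, 1111, "notepad.exe", r"C:\Users\max\Documents\q2.txt", PLAINTEXT),
    # archiver output is high-entropy, but two files stay under the count threshold
    WriteEvent(1010.0, 2222, "zip.exe", r"C:\Users\max\archive1.zip", CIPHERLIKE),
    WriteEvent(1012.0, 2222, "zip.exe", r"C:\Users\max\archive2.zip", CIPHERLIKE),
] + [
    # hypothetical encryptor rewriting six documents, one every five seconds
    WriteEvent(1020.0 + 5 * i, 4242, "ransom_sample.exe",
               rf"C:\Users\max\Documents\file{i}.doc.enc", CIPHERLIKE)
    for i in range(6)
]

if __name__ == "__main__":
    for pid, image, count in detect_mass_encryption(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} image={image}: {count} high-entropy writes within 60s")
```

The entropy test alone would flag every archiver and image editor, which is why the rate across distinct files carries the decision; a production monitor would also fold in rename patterns and the process's own lineage, but the two signals shown are enough to separate the three constructed writers.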
