Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

GameOver Zeus and Cryptolocker

Options
  • 03-06-2014 5:29pm
    #1
    Walker34
    Registered Users Posts: 425 ✭✭


    Hi,
    do these viruses only target Windows systems,......have any viruses ever been written which affect Linux OS. I use Linux and have never had any problems with this phenomenon. Am I missing something here.?


Comments

  • Options
    #2
    ZENER
    Registered Users Posts: 6,163 ✭✭✭ZENER


    AFAIK it won't affect a Linux installation but there's a situation that I was wondering about. I use mainly Macs for my day to day stuff but I also have a Windows 2008 Server and a couple of virtual machines in VirtualBox on the Mac.

    From what I understand the crypto virus encrypts all attached drives thus making backups - while still attached - useless if you're infected. If these are directly attached drives, e.g. USB - eSATA - SATA - Firewire etc I can see how this could happen. What happens if the drives are mapped shares though ?

    Also what if you have a Virtual Machine running in VirtualBox on a Linux or MacOS machine ? Can the virus encrypt the Hard disk containing your Host OS ? My guess is it can't given the different filesystems ? Does this mean that if your attached drives are not FAT or NTFS then the virus can't attack them ?

    Ken


  • Options
    #3
    skimpydoo
    Registered Users Posts: 4,928 ✭✭✭skimpydoo


    If you have a Linux or Mac OS machine running Windows in a virtual server they can be effected.

    The following articles maybe of use.

    http://www.theweek.co.uk/technology/58794/gameover-zeus-and-cryptolocker-how-to-protect-yourself

    http://tecdr.net/less-than-2-weeks-to-computer-doomsday-scenario/

    http://tecdr.net/cryptolocker-removal/


  • Options
    #4
    ZENER
    Registered Users Posts: 6,163 ✭✭✭ZENER


    Meant to post back her actually !

    From what I read, unless you have a Mac specific version of the malware (there is apparently one about but I can't find any accurate info on it) then only files that the virtual machine has direct access to can be encrypted. So if you have smb enabled on your Mac shared folders then the files in those folders are accessible to Windows - assuming you've mapped them to a drive letter or have browsed to them - and they can be encrypted.

    VirtualBox also has a feature to share a folder between the 2 platforms so these files are vulnerable apparently.

    Ken


  • Options
    #5
    [Deleted User]
    Posts: 0 [Deleted User]


    And ensure that any network drives exposed have some sort of versioning applied for recovery.


Advertisement