A near perfect storm? Hole in all versions of Internet Explorer and a new spin on ransomware?
I’ve already posted both of these articles independently to our Facebook page but wanted to also reach out here to make sure that you saw them. If you’re using Internet Explorer, there is a good chance (that’s growing steadily until Microsoft fixes [rather than mitigates] the bug) that you will get a virus as a result. Also, there’s a new strain of ransomware (FBI virus, DHS virus, etc.) making the rounds that’s literally cutting out the middle man when it comes to bad guys making a profit off of you. Previously, the intent (other than setting up your computer as a timeshare) was to get you to send a $300 MoneyPak to them. Now though, they just turn your computer into a bitcoin miner and start seeing a return immediately.
Basically, we’ve got two things working against us with this:
1. There is a new vulnerability in Internet Explorer (the big blue ‘E’), affecting all supported versions, that can allow an attacker to ‘execute arbitrary code’. The English version of this is that an attacker can install a virus (or anything else) on your computer remotely without your knowledge if they can get you to view an infected page. Getting you to view an infected page could mean anything from you visiting a compromised website, to them sending you an email with a link to a compromised website, or even putting an ad on an otherwise legitimate website that contains their ‘special code’. The really sneaky part is that you would never know that it happened (until you started seeing signs of the virus).
2. There is also a new spin on ransomware, specifically the Reveton virus. Reveton is best known by names like the Cop virus, FBI virus, DHS virus, etc. Traditionally, the dirtbags using the ransomware have relied on getting victims to pay money via anonymous payment methods like MoneyPaks, Ukash, Paysafecards, etc. That ‘old school’ way was apparently not efficient enough, so the new version skips the whole ‘you have to go out and get money to give to us’ routine and instead turns the infected computer into a bitcoin miner, basically cutting out the middle man. Once infected, the computer immediately locks out the user and begins making money for the attacker. Pretty slick, but not good for the legitimate owner of the computer.
Recommendations:
Simply put, don’t use Internet Explorer unless you *absolutely have to*. Instead, use Google Chrome, Mozilla Firefox or even Apple Safari or Opera. All of these are free alternatives that do basically the same thing [as Internet Explorer] but with typically fewer security concerns. Using one of these browsers is by no means an excuse to be complacent about good practices (up-to-date antivirus, regular updates, etc.), but it’s a surefire way to avoid this specific vulnerability and save yourself some grief.
Feel free to pass this along to friends and family who may be using Internet Explorer.
Additional Resources:
- Microsoft Security Advisory on the Internet Explorer hole.
- Microsoft Workaround for the issue. Note, this reportedly only works in 32-bit versions of Internet Explorer.
- Internet Storm Center (ISC) report that the IE hole is being actively exploited.
- The Register article on the new ransomware
- Details on Reveton