Whilst watching the dwarf on TF1 last night I got a bit bored and surfed with the netbook whilst watching.

All of a sudden a full page warning appeared accusing me of lots of nasty offences under French law, my IP was displayed in large red script and I was informed that I should make a UKash payment of € 100 to get my PC unblocked.

The keyboard and cursor were not available as a means of control.

The infection was caused probably by an outdated Java application with the Exploit Blacole being the active vector.

Took an hour to clean the mess up and running with no Java Soft on board.

Link to comment
Share on other sites


It's a virus picked up from a website; I don't think it's Java related. As a matter of interest which AV software do you use? Did you get a warning which you then chose to ignore? I always like to know which AVs are less effective at this sort of thing. It's not new so unless you haven't updated your software it should have been blocked. 
Link to comment
Share on other sites

[quote user="sid"]It's a virus picked up from a website; I don't think it's Java related. As a matter of interest which AV software do you use? Did you get a warning which you then chose to ignore? I always like to know which AVs are less effective at this sort of thing. It's not new so unless you haven't updated your software it should have been blocked. [/quote]

The UKash Virus has ONLY recently been directed towards PCs with a French operating system and that was the principal reason for opening the thread. After reading the copy below you might consider editing the errors in your post.[:)]

Regards, malcolm.

Disorderly conduct: localized malware impersonates the police

Mods - Copyright breach, please ensure that you only copy links to items carrying a copyright notice (in this case at the bottom of the page) in future please.

Link to comment
Share on other sites

OK PPP I see what you're saying about Javascript, so I take that back.

However, you didn't say what you've got in the way of protection. I would expect to be protected against something like this. Whilst the version directed to French users is new, it's not a new concept and surely the AV writers should already be prepared. I use AVG Internet Security. I'd be most unhappy if this virus got through to me.  [Www]

Link to comment
Share on other sites

It can also be delivered by a counterfeit Flash upgrade (Source)

The MS information also failed to mention the Strathclyde Police version.

According to the AVG forum this was reported to them back in 2011 and they have had a definition for it in their database since then. Also if you have the MS Update facility switched on then it is included in the monthly malware scan.

No doubt these 'clever' people will find all sorts of ways to deliver this program including hacking genuine websites so that when you visit them the trojan is downloaded automatically (which has already been reported).

Link to comment
Share on other sites

[quote user="pachapapa"]Took an hour to clean the mess up[/quote]

If you'd been using something like Acronis in non stop backup mode then you could have recovered from that, or pretty much anything - including a failed hard drive if you backup off machine - in a matter of minutes.

But you don't need me to tell you that do you [;-)]

Link to comment
Share on other sites

[quote user="AnOther"][quote user="pachapapa"]Took an hour to clean the mess up[/quote]
If you'd been using something like Acronis in non stop backup mode then you could have recovered from that, or pretty much anything - including a failed hard drive if you backup off machine - in a matter of minutes.

But you don't need me to tell you that do you [;-)]

[/quote]

Most of the time was involved after recovery running a full scan of Microsoft Security Essentials Version 4.0 1215.0 which is the March Beta release. At the time I was watching the TV and missed the Pop-Up warning window generated by MSSE. The infection was picked up on a "nasty" porno site probably whilst traversing the cursor across the screen, the tactile pad is somewhat oversensitive.

Since then Java has been updated from 24 to 31 with the 6 Version...waiting expectantly for the release of Java 7.

Link to comment
Share on other sites

[quote user="sid"]

OK PPP I see what you're saying about Javascript, so I take that back.

However, you didn't say what you've got in the way of protection. I would expect to be protected against something like this. Whilst the version directed to French users is new, it's not a new concept and surely the AV writers should already be prepared. I use AVG Internet Security. I'd be most unhappy if this virus got through to me.  [Www]

[/quote]

MSSE 4.0.1215.0

It wasn't so much the trojan getting through to me...it was more like me looking for trouble on a porno site.

But MSSE did trigger a warning which I ignored as I was curious to peruse the site, very professionally put up; I also had never come across UKash before.

Link to comment
Share on other sites

[quote user="pachapapa"]The infection was picked up on a "nasty" porno site probably whilst traversing the cursor across the screen, the tactile pad is somewhat oversensitive.[/quote]

Yeah right [:P]

Come on, you can fess up to us, we won't hold it against you [;-)]

Link to comment
Share on other sites

[quote user="cooperlola"][quote user="pachapapa"]

It wasn't so much the trojan getting through to me...it was more like me looking for trouble on a porno site.

[/quote]They are notoriously bad for your eyesight.[/quote]

But Sarko is so stimulating for me![:$]

I wish they would put him in a cupboard and just relay the voice.

Link to comment
Share on other sites

  • 2 weeks later...

Another Java Exploit cleaned by Microsoft Security Essentials this morning.

Fairly new initial definition dated 14/03/12.

Exploit:Java/CVE-2011-3544.CF

Encyclopedia entry
Published: Mar 14, 2012

Aliases: Not available

Alert Level: Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.

Detection last updated:
Definition: 1.121.1871.0
Released: Mar 20, 2012

Detection initially created:
Definition: 1.121.1557.0
Released: Mar 14, 2012

Link to comment
Share on other sites

[quote user="AnOther"]I'm sure we are all very happy for you but your point is ?

[/quote]

The point is directed towards Windows users who keep their security protection updated on a regular basis, as in the second Tuesday of each month.

The particular Exploit is relatively new with initial Microsoft Security Essentials protection provided on the 14th March 2012;

note link: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2011-3544.CF

perusal of the link shows that little is known about the characteristics, although an update to the protection was made on the 20th March 2012.

The information was, of course, not really directed at your good self as you apparently do not do regular security updates but sometimes download an odd SP now and again.

Although the info does not concern you, I am grateful for your interest in the reasons for the posting.

Link to comment
Share on other sites

[quote user="AnOther"]I'm happy for my FREE AV to take care of such things, they have never let me down yet [;-)] [/quote]

I agree AnO!

Out of interest, I've noted my version of MS Security Essentials - like other AV programs, updates automatically and I see the latest update occurred today at 11:37 hrs and is now running version 1.123.340.0. The last check for new definitions was at 17:52 hrs.

Am I bothered? Only in as much as knowing the AV package is doing the job and taking care of things without any intervention from myself. I'm certainly not bothered as to which version is running, as long as it is the most current![:)]

Link to comment
Share on other sites

[quote user="Salty Sam"][quote user="AnOther"]I'm happy for my FREE AV to take care of such things, they have never let me down yet [;-)] [/quote]
I agree AnO!
Out of interest, I've noted my version of MS Security Essentials - like other AV programs, updates automatically and I see the latest update occurred today at 11:37 hrs and is now running version 1.123.340.0. The last check for new definitions was at 17:52 hrs.

Am I bothered? Only in as much as knowing the AV package is doing the job and taking care of things without any intervention from myself. I'm certainly not bothered as to which version is running, as long as it is the most current![:)]
[/quote]

Got the same definition as well.

I know it's good, it catches CVEs so quickly, it's almost magical.

Link to comment
Share on other sites

Have you considered that it's just that MSE (and some sycophantic disciples [:)]) feels the need to shout from the roof tops that it has protected you from ABC or XYZ whilst other products just get on with the job quietly and unobtrusively in the background ?

FWIW I have just done a search on 'best free anti virus 2012' and out of the half dozen reviews I looked at at random AVG FREE beat MSE in every one and whilst we all know that each such review comes up with different results and that what is so on one day can change the next I only report this to emphasise that claiming one AV/Security programme is de-facto better than another is both futile and pointless. It's akin to claiming that one ISP is better than another or that say a BMW is better than a VW. It's silly in other words.

Salty Sam has it summed up perfectly and as long as you use something and keep it up to date then that will protect 99% of users from 99% of nasties.

When a programme comes along which GUARANTEES me 100% protection from 100% of current AND future nasties I will happily put my hand in my pocket and buy it but I suspect my money is quite safe for the foreseeable future [;-)]

Link to comment
Share on other sites

[quote user="AnOther"]Have you considered that it's just that MSE (and some sycophantic disciples [:)]) feels the need to shout from the roof tops that it has protected you from ABC or XYZ whilst other products just get on with the job quietly and unobtrusively in the background ?

FWIW I have just done a search on 'best free anti virus 2012' and out of the half dozen reviews I looked at at random AVG FREE beat MSE in every one and whilst we all know that each such review comes up with different results and that what is so on one day can change the next I only report this to emphasise that claiming one AV/Security programme is de-facto better than another is both futile and pointless. It's akin to claiming that one ISP is better than another or that say a BMW is better than a VW. It's silly in other words.

Salty Sam has it summed up perfectly and as long as you use something and keep it up to date then that will protect 99% of users from 99% of nasties.

When a programme comes along which GUARANTEES me 100% protection from 100% of current AND future nasties I will happily put my hand in my pocket and buy it but I suspect my money is quite safe for the foreseeable future [;-)]

[/quote]

I note that the definition count has increased overnight from 1.123.340.0 to 1.123.372.0.

A whole extra THIRTY-TWO nasties that MSE is protecting the PCs from...

Once upon a time on GreenLand I was ridiculed for extolling the virtues of MSE; I am amused to note that the very mention of MSE can still generate such hot air.[:D]

Link to comment
Share on other sites

Well let's face it normally it is your good self that kicks the ball off then interject with the odd comment carefully worked out to antagonise somebody. My guess is you just like to go fishing and see who bites. That coupled with your extensive use of a thesaurus makes it all a bit of a shame really because you do have some good posts from time to time. The problem is that a lot of people just skim over them to the next post because you are so boring and some can't work out what on earth you're talking about. As to "hot air" in this case I think there are only two people in this thread who disagree (some like myself are just not bothered) with you but then that's their right and they don't deserve to be ridiculed just because they do. [:)]
Link to comment
Share on other sites

[quote user="Quillan"]Well let's face it normally it is your good self that kicks the ball off then interject with the odd comment carefully worked out to antagonise somebody. My guess is you just like to go fishing and see who bites. That coupled with your extensive use of a thesaurus makes it all a bit of a shame really because you do have some good posts from time to time. The problem is that a lot of people just skim over them to the next post because you are so boring and some can't work out what on earth you're talking about. As to "hot air" in this case I think there are only two people in this thread who disagree (some like myself are just not bothered) with you but then that's their right and they don't deserve to be ridiculed just because they do. [:)][/quote]

Thank you for your kind words of sympathy on me having been ridiculed on another forum.

Long live Microsoft Security Essentials!
