Talk:CryptoLocker: Difference between revisions

From Wikipedia, the free encyclopedia
Revision as of 12:43, 15 September 2014

Too much detail tag

One user has tagged the article as containing too much detail. What detail, specifically, is deemed excessive? Most detail is relevant to how the malware functions and what responses are possible. Information is given which can help to prevent, identify, and resolve an infection, giving factual information without becoming an instruction manual. Pol098 (talk) 13:01, 24 October 2013 (UTC)

Since my previous comment the article has been largely rewritten by one user. Some quite important details have been lost; in particular that the infection was indeed removed on payment of the ransom, and that the possibility of decrypting the files was lost on removing the virus. I have reinstated those particular points, and made some minor corrections that can be described as pedantic (ransom not necessarily paid to author; PDF icon not necessarily Adobe, etc.). If anybody would like to look at the previous version in case anything removed is thought to merit reinstating, it is here. Pol098, 20:21, 26 October 2013 (UTC)
Also, recently added sourced information which seems highly relevant on the DNS sinkhole has been deleted at the same time as a change to sectioning, with an explanation mentioning sectioning only. Pol098 (talk) 13:40, 30 October 2013 (UTC)
Which cites a forum. And a page which probably cited the same forum. Forums are never reliable sources as required by Wikipedia policy. ViperSnake151 Talk 15:47, 30 October 2013 (UTC)

Strange goings on

I added a section on 'prevention', which stated "As of 18 November 2013 a supplier of antivirus software claimed that it could detect Ransomer—the name given to the Trojan—and 438 variants it knew about, and could detect and remove most Trojan horse malware." Granted, I supplied a 'trade' reference, but if that was a problem other references could have been found. Without this information, the article is unnecessarily alarmist, and so the information should be included. The word 'prevention' also seems to have offended someone, who believes it 'implies how-to content' - and 'mitigation' doesn't? It's sad to see Wikipedia joining a quite unnecessary panic about this trojan. But hey, that's Wikipedia. I shall not revert the changes; I have a life, which is way beyond fighting over edits. But I do hope that more intelligent editors will take an interest. Good Luck. Heenan73 (talk) 12:31, 19 November 2013 (UTC)

Please read WP:NOTHOWTO. Wikipedia is not a how-to guide. Additionally, how it was worded also felt like the statement was an advertisement for AVG (Wikipedia is not a soapbox or promotional site), and the page did not mention anything about CryptoLocker at all. ViperSnake151 Talk 16:20, 19 November 2013 (UTC)
You contrive to miss the point. Even if your arguments are correct (they are not) the point I raised is valid - i.e. that CryptoLocker can be prevented by the simple expedient of using an antivirus - has been effectively censored. Well done; I hope you are proud of your vandalism. You could, of course, have simply improved my addition - found other references. The "how to" argument is specious and childish; simple rephrasing would have sorted that. Like your 'mitigation' para, huh? As for the reference, Google is your friend (or in your case, likely Bing). This is my last word. Your sad defence of your vandalism shows the worst aspect of a wiki editor - you think you own the page. Heenan73 (talk) 18:04, 19 November 2013 (UTC)
That is obvious information, and the ref made no reference to CryptoLocker itself. Any computer conscious user should know that. And that is not what we define as "vandalism". ViperSnake151 Talk 18:41, 19 November 2013 (UTC)

It is NOT obvious information; it is important information that will be far from obvious to most users, who will have read your alarmist text and similar rubbish elsewhere; I seriously do not care what "we" (the 'in crowd') define as vandalism, preferring to use the English language. Suppression of information on false pretexts ("lies") IS vandalism; and I have never, ever seen worse by a Wikipedia editor.

"the ref made no reference to CryptoLocker itself" - it didn't need to - context is all.
"Any computer conscious user should know that" - rubbish. And how dare you define what people 'should' know, when what matters is what they DO know - or not.
"Wikipedia is not a how-to guide" - no-one said otherwise; don't patronise.
"felt like the statement was an advertisement" - don't be silly.
And whatever was wrong with my contribution, a responsible editor would have corrected and improved - not suppressed.
I could go on, but I'm bored. I've had enough of your childish behaviour. Time for you to report me and get me banned (so you can hide the evidence). And DO NOT HARASS ME on my talk page. Heenan73 (talk) 12:01, 20 November 2013 (UTC)
For years, as a prolific Internet user, I have felt an obligation to correct and improve Wikipedia; you have released me from that. I now feel an obligation to expose and mock corrupt editors (on Facebook etc), and an obligation to warn people off editing while jobsworth editors like you are allowed to abuse readers and contributors. Thank you. Now go report me before I vomit ;-) ... Heenan73 (talk) 12:01, 20 November 2013 (UTC)

A comment on the issue of prevention: the inclusion of information (as against advice as such) on prevention isn't in any way against Wikipedia guidelines; removal of sourced text on those grounds is very questionable. However, the text as included here was both commercially-associated and dangerously misleading. The text implied that anti-virus measures would be effective at preventing CryptoLocker. Anyone in computing knows that relying on anti-virus software is dangerous; it can only ever protect against yesterday's threats. Most threats are indeed not new, and likely to be blocked; but a zero-day exploit is always possible.[1] Today I ran an executable with PDF icon emailed to me in a .ZIP file through the VirusTotal Web site, which checked it with 41 virus scanners, of which only 17 identified it as malicious. (Such a file is exceedingly suspicious; whether it was CryptoLocker or not I don't know. I ran it in a virtual machine and it didn't seem to be encrypting files or demanding a ransom, but I might not have left it long enough. It didn't do anything visible, maybe just recruited my VM into a botnet or started to download payload programs.) An antivirus software producer's claim that they can block (as of a certain date) all x known (to them) Trojans does not really say anything other than "buy me!". There are various ways (in addition to antivirus software, desirable but not the do-everything solution) to make infection less likely, and to mitigate the effects (offline backup); they are mentioned briefly in the article (though not in a "prevention" section), with links to detailed sources. Most do not require purchasing commercial products (i.e., no issue of advertising), though the labour cost may be significant.

In summary, I don't at all agree with the grounds on which the Prevention section was removed, but its actual content and source given were not reliable.

  1. ^ The Yuma Sun, on a CryptoLocker attack: "... was able to go undetected by the antivirus software used by the Yuma Sun because it was Zero-day malware"

Pol098 (talk) 13:29, 20 November 2013 (UTC)

Not quite fair. Non-expert computer users currently read an alarmist article which seems to imply there is little they can do to protect themselves, let alone deal with the damage. This is not the case. Currently, a simple antivirus (and ALL offer similar information on their ability to deal with it) is very effective SO FAR; with hindsight, I accept that a warning should have been added that that may not always be the case (though, historically, once a trojan has been spotted and added to the programs, they do pretty well). But a responsible editor would NOT have found false pretexts to remove the section; a responsible editor would have sought an independent source, if that was considered vital, and could have re-written the wording to be less 'certain' - as it stands, Wikipedia is giving a less than complete, and very unbalanced picture. And why? Because one editor had a hissy fit when another dared to alter "his" page. That, dress it up how you like, is vandalism. And if Wikipedia excludes such behaviour from its definition of vandalism, then Wikipedia is sadly mistaken - but it goes some way to explaining why rogue editors (like ViperSnake151) get away with it for so long. Heenan73 (talk) 19:05, 20 November 2013 (UTC)

"a responsible editor would have sought an independent source, if that was considered vital, and could have re-written the wording to be less 'certain'" If you look at the article history, you'll find that I completely rewrote the section worded in a way which made clear that it was from one commercial organisation and valid on a particular date. Another editor chose to remove the section entirely; frankly I don't disagree with this at all. Rather than seek sources (probably non-existent) for what was said, as reliable fact rather than vendor's opinion, I added a reference confirming a CryptoLocker infection despite virus protection. Antivirus software is never to be relied on, it can only handle things it already knows about (signature or at least heuristic). This is well-known. Pol098 (talk) 22:19, 20 November 2013 (UTC)
Interesting that you clearly saw the relevance of my input despite what you call "vendor's opinion", and yet now you are happy that the vandal removed it. No-one is - or ever has - suggested that antivirus software is 100% reliable; none the less, in this context, it is a first and vital line of defence. And well YOU know it; and well YOU know that many Wikipedia readers do NOT know. We are clearly going around in circles here as you contrive to support the vandal.

You know as well as I do that what he did was wrong; you know as well as I do that his stated rationale was wrong; and you know as well as I do that his real motivation - obvious to any five year old, but not to Wikipedia, is way beyond wrong. Exactly as I expected. Wikipedia's loss, as editor unity trumps value. I'm clearly wasting my time and yours, so Goodbye. Heenan73 (talk) 00:37, 21 November 2013 (UTC)

Forgot one thing; interesting you all agree that AVG cannot be trusted to report how many Trojan variations they've found, but you are happy to insert a reference to an unvalidated first-person account - which reads to me like they HAD NOT got decent antivirus protection - but weren't going to admit it. A much more reliable reference. Well done! Heenan73 (talk) 00:41, 21 November 2013 (UTC)

I thought I'd better, belatedly, make some final comments on my motivations, given that an attempt has been made in bold type by Heenan73 to infer the reasons behind what I have said. This is really for readers of this thread, not intended as a continuing dialogue.

  • "You know ... that what he did was wrong"
    • As I've said, clearly and explicitly I hope, I totally disagree with the motives behind what was done ("do-it-yourself" content—not true, it wasn't written in that style, see following section), but don't object to it (what was deleted was largely, I believe, personal opinion, both wrong and without good sources)
  • "You know ... that his stated rationale was wrong"
    • Absolutely
  • "You know ... that his real motivation is way beyond wrong"
    • I have no way of knowing his/her motivation, I don't care, and it's not relevant. You can do the right thing for wrong motives; you can also do the wrong thing for good motives (I have fallen into this on occasion).
  • "Editor unity trumps value."
    • Absolutely not. I edit based on content and what I think is best, never in favour of or against another editor. Also, Heenan73 seems to consider ViperSnake151, myself, and others to be "editors", and him/herself in some way an outsider. In point of fact all editors, including Heenan73, are equal and have exactly the same "rights" and privileges (i.e., the ability to change and save content, and nothing else). The article history clearly shows that ViperSnake151 (the editor mainly complained about) and I have largely been at loggerheads, editing each other's edits (and ViperSnake151 has chosen not to contribute to this, and other, discussions here). I find that Wikipedia often (not always) benefits from constructive (rather than warring) disputes of this nature.
  • "I'm clearly wasting my time and yours"
    • .

Pol098 (talk) 11:41, 24 November 2013 (UTC)

The help page for how to deal with troublesome editors should just be a link to this conversation. Well played, Pol098. Well played. 66.27.174.138 (talk) 14:42, 7 December 2013 (UTC)

Wikipedia guideline on how-to content

As this issue has arisen several times, I include here the information from WP:NOTGUIDE:

Instruction manuals. While Wikipedia has descriptions of people, places and things, an article should not read like a "how-to" style owner's manual, advice column (legal, medical or otherwise) or suggestion box. This includes tutorials, instruction manuals, game guides, and recipes. Describing to the reader how other people or things use or do something is encyclopedic; instructing the reader in the imperative mood about how to use or do something is not.

Pol098 (talk) 14:37, 20 November 2013 (UTC)

Infection of backup

As someone not very knowledgeable about these issues, I'm suggesting a point that I hope others will edit the article to clarify. One obvious defense against CryptoLocker is to back up files. It's my impression, though, that some backup methods will dutifully back up the encrypted files, erasing the unencrypted ones, with the result that the backup can't be used to thwart CryptoLocker. Without getting into "how to" territory, this article could appropriately elaborate on whether and to what extent CryptoLocker has managed to infect backups and thus get around that particular countermeasure. Thanks to anyone who can add this information! JamesMLane t c 15:47, 27 March 2014 (UTC)

If there's a source, something about this could be added. All backup methods will, and should, back up the encrypted files; that's what backup does, make a copy of the current version. Proper backup procedure (regardless of threat) is to make and keep multiple generations of off-line backup; this is not new! It's not a topic to discuss in detail here, it has to do with backup techniques, not malware. Pol098 (talk) 19:23, 13 June 2014 (UTC)

CryptoLocker shut down

This isn't really my cup of tea so I'll let someone else evaluate these recent news sources:

  • Leger, Donna Leinwand; Johnson, Kevin (June 2, 2014). "Federal agents knock down Zeus Botnet, CryptoLocker". USA Today.
  • Leger, Donna Leinwand (June 4, 2014). "Russian hacker engineered dazzling worldwide crime spree". USA Today.
  • "CryptoLocker malware shut down as mastermind is identified". Sioux Falls Business Journal. June 10, 2014.

--Dr. Fleischman (talk) 22:10, 11 June 2014 (UTC)

Reportedly the bot was shut down, but others are still infecting unwary users like me. On August 6th, 2014 FireEye & Fox-IT announced a free service to help infected users decrypt CryptoLocker. PCWorld and other reputable businesses provided articles and the link. I have not yet been able to connect with that link to verify its functionality.