Tuesday, March 3, 2015

Security Update: New malware and threats to PC security

Destroying your hard drive is the only way to stop this super-advanced malware

"Kaspersky published a detailed report Monday about Equation, which it considers the most advanced group of attackers to date and whose activity spans back to 2001 and possibly even to 1996. Even though the company stopped short of directly linking the group to the U.S. National Security Agency, there are significant details that point to such links."  PCWorld

A couple of years ago I published a blog post about the Stuxnet worm, which infected and wreaked havoc on the Iranian centrifuges that were being used to develop fissionable nuclear material for Iran's nuclear program. Groups studying the worm's code attributed it to clandestine players, the CIA or NSA. The problem was that the code escaped and was utilized by crime groups to infiltrate the general PC population. Today there is a new threat that works by modifying the firmware of your hard drive. Firmware is the low-level code that acts as the interface between the software and hardware. It is contained in the chips soldered onto the hard drive's interface board. Once installed, it is impossible to remove. Formatting and re-installing the operating system has no effect, and the malware remains in the chip, ready to deliver its payload.




Help for the Cryptolocker (FBI) virus

The Cryptolocker virus made the news last year. It is a particularly destructive malware program that encrypts Word, Excel, PDF and JPEG files, to name a few, and tries to force you to pay a ransom for the key to unlock your files. Without the encryption key, the only way to recover your files is from a good backup.

A client of mine was attacked last year. It occurred over a weekend, so by Monday all of her documents, spreadsheets and pictures were locked and unusable. I was able to remove the malware, but it was too late for her files. At that time I noticed that she had Carbonite and it was in the process of backing up the encrypted (changed) files. I stopped Carbonite, and she was able to contact Carbonite tech support and recover her files by restoring a backup that occurred prior to the date of infection.

The good news about Cryptolocker is that a group has somehow acquired the ransom keys used to unlock the files.  If you are attacked, submit to them a file that is encrypted and they will provide you with the key needed to unlock your files.  Be alert and please have a good backup.


Google Chrome browser targeted

Recently I have seen an uptick in malware targeting Google's Chrome browser. In each case the malware was delivered while the user was attempting to download a program they had searched Google for. A lot of the new malware is distributed via junk email attachments, malicious torrents and, particularly, free applications. When you search for software using a search engine, the first listings in the results will be ads or sites that purport to be a download site for the desired software. In most cases the listings are either scam sites that attempt to trick you into downloading alternative software/malware, or they deliver malware in addition to the desired program. If you click a listing, always check the link carefully to ensure that the address is the website of the developer or manufacturer of the download you desire.
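The link check described above can be partly automated. This is an added example, not part of the original post; the allowlist entry `example-vendor.com` and the sample links are constructed placeholders, and rejecting punycode hosts outright is a deliberately conservative assumption.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: domains of the developers you actually download from.
TRUSTED_VENDOR_DOMAINS = {"example-vendor.com"}


def check_download_link(url, trusted=TRUSTED_VENDOR_DOMAINS):
    """Return (ok, reason) for a download link copied from a search result."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://vendor.com@other.example/" really connects to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    # Lookalike characters hide in non-ASCII or punycode ("xn--") labels.
    if not host.isascii():
        return False, "non-ASCII host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host"
    # Match the END of the host name: the vendor domain itself or a subdomain.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not a trusted vendor domain"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real search result.
    samples = [
        "https://dl.example-vendor.com/setup.exe",
        "https://example-vendor.com.downloads.example/setup.exe",
        "https://example-vendor.com@downloads.example/setup.exe",
        "http://example-vendor.com/setup.exe",
    ]
    for link in samples:
        print(link, "->", check_download_link(link))
```

The second and third samples show why the vendor's name appearing somewhere in the address is not enough: only the end of the host name decides which site you reach.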
