Tx Redneck

There's a special place in hell for these people.


http://blog.emsisoft.com/2012/04/11/the-accdfisa-malware-family-ransomware-targetting-windows-servers/

The ACCDFISA malware family: Ransomware targeting Windows servers

A few weeks ago our colleagues over at BleepingComputer approached us asking for help with a recent malware outbreak that specifically targets Windows servers. Several companies as well as individuals found their servers being locked by a malware that claims to originate from the Anti Cyber Crime Department of Federal Internet Security Agency or short ACCDFISA. Of course such an institution does not exist and even if it did, it surely wouldn't ask the owner of the server to submit a certain dollar amount using PaySafeCard or MoneyPak codes. The affected servers fell prey to a new malware family that is currently on the loose.

 

Please read the whole article, it's intriguing and infuriating at the same time.


Microsoft's inability to secure their operating systems and train people properly certainly is intriguing. Microsoft's inability to secure their operating systems and train people properly certainly is infuriating.

 

Please see my signature. ;)

 

Oh yeah I forgot to mention the special place in hell is called "Redmond"

Edited by Bruce


meh...the systems are secure. there's more to corporate network security than just a windows server. firewall filters, etc.

 

if their windows server gets infected it's their own fault. this is nothing new at all for those of us that work in corporate networks.


meh...the systems are secure. there's more to corporate network security than just a windows server. firewall filters, etc. if their windows server gets infected it's their own fault. this is nothing new at all for those of us that work in corporate networks.

inability to secure their operating systems and train people properly


what does the issue with the link provided have to do with os security? nothing...it has everything to do with network security which is almost certainly managed by a linux device. either way, it doesn't matter what is being utilized...if the administrators leave their network wide-open like that then no amount of programming is going to prevent it.

 

"train people properly" what? that doesn't even make sense...how is it microsoft's job to train people? is it ford's job to train people how to drive? don't be ridiculous.

Edited by badbinary


Well if you think that servers and ransomware have nothing to do with "security" and proper training then I am going to guess that you have Microsoft Certifications.

 

Microsoft training people?

 

Well they create, and put out the various "Microsoft Certifications" (aka training) concerning all the different aspects of their operating systems of course including security and IT practices.

 

 

 

Using terminal services and or rdp with a password and or authentication that is so common that a "list" of user names and passwords can be used as a reliable means of gaining access via a simple brute force attack is about as responsible as running a system in administrator mode for daily use.

 

Finally it is not "Ford's" job to train people who drive their cars, however they are required to make a safe vehicle, and like Microsoft and IT, Ford does train the technicians who repair those vehicles. ;)

Edited by Bruce


it has nothing to do with os security, it has everything to do with network security. it's up to the admins of the network to make their domain secure. this is no different regardless of what solution is utilized.

 

they are brute forcing looking for simple passwords. very basic network security principles state that you rename all admin accounts and enforce a strict password policy. that's on the admins to do...put the blame where the blame is due. microsoft is the blame of a lot of issues but on this one it simply isn't and if you really think it is, then you have no idea how corporate networks are engineered.

 

microsoft does create programs to educate people and require tests, some of which can be quite difficult, to prove your knowledge. they do not pay instructors to teach it to you, however. i don't believe ford pays instructors to train the technicians, it's a similar system to what microsoft uses. hell, for mechanics there's a much more broad "ase" certification that is usually the one required to work in a shop.


Wait a minute.................

 

Previously you said it had nothing to do with security at all, and wasn't a training issue. :P

 

Renaming admin accounts and passwords isn't network security, it is server/operating system security. They are not brute forcing the filter/router, they are brute forcing the server running ts and or rdp.

 

There is no way to both allow terminal services ports to be accessed through the router/filter and block that port. Either you are allowing access or you are not. The user name/password of the server reside on a physical machine not the port forwarding device.

 

Poor security and poor training combined with laziness are the issues. Most 8th grade kids with common sense know that difficult to guess non-dictionary-based passwords are important.


the login process certainly is a network security concern. yes, it is managed by a domain controller (usually).

 

1. rdp shouldn't be allowed from outside the network

2. the login policy should have been stricter

 

either one of those two things would likely have prevented this from occurring.

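Added example, not written by any poster in this thread: the password guessing against terminal services/RDP argued over above appears in the Windows Security log as bursts of failed logons (Event ID 4625) from one source across many account names, and this sketch flags such sources and notes whether a successful logon (4624) followed. The dict layout, the thresholds and the helper `_ev` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Logon types that RDP produces: 10 = RemoteInteractive, 3 = Network (RDP with NLA).
RDP_LOGON_TYPES = {3, 10}
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security event IDs

def _ev(ts, ip, user, event_id=FAILED_LOGON, logon_type=10):
    """Build one record in the assumed export layout (hypothetical helper)."""
    return {"EventID": event_id, "TimeCreated": datetime.fromisoformat(ts),
            "IpAddress": ip, "TargetUserName": user, "LogonType": logon_type}

# Constructed sample, not real data: one source cycling through common account
# names, one user mistyping a password twice, then a successful logon.
GUESSED = ["administrator", "admin", "backup", "sql", "test", "user", "support", "scanner"]
SAMPLE_EVENTS = (
    [_ev(f"2024-01-15T03:00:{i:02d}", "203.0.113.7", u) for i, u in enumerate(GUESSED)]
    + [_ev("2024-01-15T09:15:00", "198.51.100.20", "jsmith"),
       _ev("2024-01-15T09:15:40", "198.51.100.20", "jsmith"),
       _ev("2024-01-15T03:00:30", "203.0.113.7", "administrator", SUCCESSFUL_LOGON)]
)

def find_guessing_sources(events, window=timedelta(minutes=5), min_failures=6, min_users=3):
    """Return {ip: summary} for sources with a burst of failures across several accounts."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e["LogonType"] not in RDP_LOGON_TYPES:
            continue
        if e["EventID"] == FAILED_LOGON:
            failures[e["IpAddress"]].append(e)
        elif e["EventID"] == SUCCESSFUL_LOGON:
            successes[e["IpAddress"]].append(e["TimeCreated"])
    findings = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["TimeCreated"])
        start = 0
        for end in range(len(evs)):  # sliding window over this source's failures
            while evs[end]["TimeCreated"] - evs[start]["TimeCreated"] > window:
                start += 1
            burst = evs[start:end + 1]
            users = {e["TargetUserName"].lower() for e in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                findings[ip] = {
                    "failures": len(evs),
                    "accounts_tried": len({e["TargetUserName"].lower() for e in evs}),
                    # True when a success follows the start of the burst.
                    "logon_after_guessing": any(t >= burst[0]["TimeCreated"] for t in successes[ip]),
                }
                break
    return findings
```

A source flagged with `logon_after_guessing` set is the case to triage first, since a guessed password may have worked.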
