just thinkin'
"specifically by way of an Adobe Flash exploit"
So, in the same way that BitTorrent enables "illegal filesharing", and Tor enables "terrorism", so Adobe enables extortion. Something doesn't compute.
Security researchers are focussing their crosshairs on what appears to be high-volume spam and exploit campaigns to deliver the latest iteration of the Cryptowall ransomware. Boffins from the SANS Institute, Cisco, and MalwareBytes have identified a dangerous if goofy spam campaign slinging the nasty ransomware masquerading as …
"Cryptowall is being cloaked under the file name my_resume.zip and has been sent from Yahoo email addresses. The extracted files are screen savers that, when executed, download Cryptowall from compromised servers."
An enterprise network connected to the net needs to be whitelisting all the software upon it in addition to preventing standard users from executing ANYTHING, without permission. Not to mention AV, Firewall and other Endpoint security measures.
A simple "Please send your CV in .doc or PDF only" helps (not perfect, but there you go) too.
"Anyone stupid enough to run a screensaver executable that's packaged up in a zip file titled as a resume deserves everything they get."
Whilst I'd tend to agree with your sentiment, I'll point out that a large number of those idiots work in the same places as a lot of the commentards here. And the idiot will not be tasked with mopping up the mess. It will far more likely fall to the folks that read this site regularly and comment about how stupid these end users are.
That said -- they mention a compromised WordPress site. And I'm pretty sure there are some sigs to add to the blacklists.
The problem nowadays is that Windows seems to default to "Hide known file extensions". Which is a pain in the arse as it makes it impossible to differentiate between files. A user might never even see a file is a screensaver and not a document.
(Or as I have to deal with, 8 different files with a known and thus hidden extension with EXACTLY the same name, generated by an automatic system, but not always in the same order. And then the file options being locked by IT so I can't undo it. Good luck finding the right files after doing a few measurements...)
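The delivery discussed in this thread (a zip whose extracted files are screen savers, which Explorer shows without their extension when known extensions are hidden) can be checked for at a mail gateway or during triage. The following is an added example, not part of any comment here; the extension lists, member names and sample archive are constructed assumptions.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions Windows will execute on double-click (illustrative list, not exhaustive).
EXECUTABLE = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Document extensions commonly placed before the real one as a decoy.
DECOY = {".doc", ".docx", ".pdf", ".rtf", ".txt"}


def shown_name(name: str) -> str:
    """File name as Explorer lists it when known extensions are hidden."""
    p = PureWindowsPath(name)
    return p.stem if p.suffix else p.name


def scan_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that would execute when opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PureWindowsPath(info.filename).suffixes]
            if not suffixes or suffixes[-1] not in EXECUTABLE:
                continue  # final extension is not an executable type
            findings.append({
                "member": info.filename,
                "shown_as": shown_name(info.filename),
                # True for names like cv.pdf.scr, which display as cv.pdf
                "decoy_extension": len(suffixes) > 1 and suffixes[-2] in DECOY,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; member names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("my_resume.scr", b"placeholder bytes, not a real binary")
        zf.writestr("docs/cv.pdf.scr", b"placeholder bytes, not a real binary")
        zf.writestr("cover_letter.doc", b"placeholder document")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

The check only reads member names from the archive's central directory, so nothing is extracted or executed.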