Date: Fri, 20 Nov 2015 00:21:32 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: ransomware virus on Linux Message-ID: <20151120002132.7a4e3a82@gumby.homeunix.com> In-Reply-To: <86y4dtiqc3.fsf@WorkBox.Home> References: <20151119064434.GB1925@c720-r276659.oa.oclc.org> <86y4dtiqc3.fsf@WorkBox.Home>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 19 Nov 2015 16:20:28 -0600 Brandon J. Wandersee wrote: > From what I've been able to glean, this seems a little bit overblown. > I don't doubt the effects are significant for the people experiencing > them, but it seems extremely limited. The program is said to "take > advantage of" an outdated, running instance of the Magento e-commerce > software, so I have to think that it can only be executed via > Magento. It also encrypts only directories that would absolutely > require root privileges to modify--e.g., it specifically > encrypts /home, not individual user directories, so even if you > deliberately executed it as a regular user it would have no effect. I would guess it would recurse from /home into whatever it can access - it probably just encrypts the files in place. What worries me is that the next version might target Linux workstations where there's a lot of very complex software running as the owner of the user data.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151120002132.7a4e3a82>