This article has been viewed enough times in a single week to appear in the Top 25 Report.
A fact from CryptoLocker appeared on Wikipedia's Main Page in the Did you know column on 2 November 2013.
This article is rated C-class on Wikipedia's content assessment scale.
One user has tagged the article as containing too much detail. What detail, specifically, is deemed excessive? Most detail is relevant to how the malware functions and what responses are possible. Information is given which can help to prevent, identify, and resolve an infection, giving factual information without becoming an instruction manual. Pol098 ( talk) 13:01, 24 October 2013 (UTC)
I added a section on 'prevention', which stated "As of 18 November 2013 a supplier of antivirus software claimed that it could detect Ransomer—the name given to the Trojan—and 438 variants it knew about, and could detect and remove most Trojan horse malware." Granted, I supplied a 'trade' reference, but if that was a problem other references could have been found. Without this information, the article is unnecessarily alarmist, and so the information should be included. The word 'prevention' also seems to have offended someone, who believes it 'implies how-to content' - and 'mitigation' doesn't? It's sad to see Wikipedia joining a quite unnecessary panic about this trojan. But hey, that's wikipedia. I shall not revert the changes; I have a life, which is way beyond fighting over edits. But I do hope that more intelligent editors will take an interest. Good Luck. Heenan73 ( talk) 12:31, 19 November 2013 (UTC)
It is NOT obvious information; it is important information that will be far from obvious to most users, who will have read your alarmist text and similar rubbish elsewhere; I seriously do not care what "we" (the 'in crowd') define as vandalism, preferring to use the English language. Suppression of information on false pretexts ("lies") IS vandalism; and I have never, ever seen worse by a wikipedia editor.
A comment on the issue of prevention: the inclusion of information (as against advice as such) on prevention isn't in any way against Wikipedia guidelines; removal of sourced text on those grounds is very questionable. However, the text as included here was both commercially-associated and dangerously misleading. The text implied that anti-virus measures would be effective at preventing CryptoLocker. Anyone in computing knows that relying on anti-virus software is dangerous; it can only ever protect against yesterday's threats. Most threats are indeed not new, and likely to be blocked; but a zero-day exploit is always possible. [1] Today I ran an executable with PDF icon emailed to me in a .ZIP file through the VirusTotal Web site, which checked it with 41 virus scanners, of which only 17 identified it as malicious. (Such a file is exceedingly suspicious; whether it was CryptoLocker or not I don't know. I ran it in a virtual machine and it didn't seem to be encrypting files or demanding a ransom, but I might not have left it long enough. It didn't do anything visible, maybe just recruited my VM into a botnet or started to download payload programs.) An antivirus software producer's claim that they can block (as of a certain date) all x known (to them) Trojans does not really say anything other than "buy me!". There are various ways (in addition to antivirus software, desirable but not the do-everything solution) to make infection less likely, and to mitigate the effects (offline backup); they are mentioned briefly in the article (though not in a "prevention" section), with links to detailed sources. Most do not require purchasing commercial products (i.e., no issue of advertising), though the labour cost may be significant.
In summary, I don't at all agree with the grounds on which the Prevention section was removed, but its actual content and source given were not reliable.
Pol098 ( talk) 13:29, 20 November 2013 (UTC)
Not quite fair. Non-expert computer users currently read an alarmist article which seems to imply there is little they can do to protect themselves, let alone deal with the damage. This is not the case. Currently, a simple antivirus (and ALL offer similar information on their ability to deal with it) is very effective SO FAR; with hindsight, I accept that a warning should have been added that that may not always be the case (though, historically, once a trojan has been spotted and added to the programs, they do pretty well). But a responsible editor would NOT have found false pretexts to remove the section; a responsible editor would have sought an independent source, if that was considered vital, and could have re-written the wording to be less 'certain' - as it stands, Wikipedia is giving a less than complete, and very unbalanced picture. And why? Because one editor had a hissy fit when another dared to alter "his" page. That, dress it up how you like, is vandalism. And if Wikipedia excludes such behaviour from its definition of vandalism, then wikipedia is sadly mistaken - but it goes some way to explaining why rogue editors (like ViperSnake151) get away with it for so long. Heenan73 ( talk) 19:05, 20 November 2013 (UTC)
You know as well as I do that what he did was wrong; you know as well as I do that his stated rationale was wrong; and you know as well as I do that his real motivation - obvious to any five year old, but not to wikipedia, is way beyond wrong. Exactly as I expected. Wikipedia's loss, as editor unity trumps value. I'm clearly wasting my time and yours, so Goodbye. Heenan73 ( talk) 00:37, 21 November 2013 (UTC)
I thought I'd better, belatedly, make some final comments on my motivations, given that an attempt has been made in bold type by Heenan73 to infer the reasons behind what I have said. This is really for readers of this thread, not intended as a continuing dialogue.
Pol098 ( talk) 11:41, 24 November 2013 (UTC)
As this issue has arisen several times, I include here the information from WP:NOTGUIDE:
Instruction manuals. While Wikipedia has descriptions of people, places and things, an article should not read like a "how-to" style owner's manual, advice column (legal, medical or otherwise) or suggestion box. This includes tutorials, instruction manuals, game guides, and recipes. Describing to the reader how other people or things use or do something is encyclopedic; instructing the reader in the imperative mood about how to use or do something is not.
Pol098 ( talk) 14:37, 20 November 2013 (UTC)
As someone not very knowledgeable about these issues, I'm suggesting a point that I hope others will edit the article to clarify. One obvious defense against CryptoLocker is to back up files. It's my impression, though, that some backup methods will dutifully back up the encrypted files, erasing the unencrypted ones, with the result that the backup can't be used to thwart CryptoLocker. Without getting into "how to" territory, this article could appropriately elaborate on whether and to what extent CryptoLocker has managed to infect backups and thus get around that particular countermeasure. Thanks to anyone who can add this information! JamesMLane t c 15:47, 27 March 2014 (UTC)
This isn't really my cup of tea so I'll let someone else evaluate these recent news sources:
-- Dr. Fleischman ( talk) 22:10, 11 June 2014 (UTC)
Reportedly the bot was shut down; but others are still infecting unwary users like me. On August 6th, 2014 FireEye & Fix-IT announced a free service to help infected users decrypt cryptolocker. PCWorld and other reputable businesses provided articles and the link. I have not yet been able to connect with that link to verify its functionality. — Preceding unsigned comment added by AviationDave4799 ( talk • contribs) 12:43, 15 September 2014 (UTC)
CryptoLocker was a particular piece of malware; since it was taken down there have been several variants using the CryptoLocker name (brand recognition?). It would seem that for the purposes of this article any malware that says "you have been infected by CryptoLocker" (or CryptoLocker 2.0 or whatever) belongs in the article. Maybe TorrentLocker, which has its own forum, needs an article too, I don't know (have redlinked it).
A bit like the man who claimed that the plays of Shakespeare weren't written by him, but by another man also called William Shakespeare. Pol098 ( talk) 15:19, 14 October 2014 (UTC)
In October 2014 it was reported, in many cases in Australia and New Zealand, that an infection describing itself as CryptoLocker was being distributed as an email attachment (typically claiming to be from AusPost regarding a parcel delivery), and behaving in the same way as the early malware. [1] [2] According to a Web site that has studied CryptoLocker extensively, there have been other encrypting infections describing themselves as CryptoLocker, in particular one called TorrentLocker [3] by some experts. [4]
- ^ Actrix: An Important warning about the CryptoLocker Virus
- ^ University of Adelaide, IT Security Announcements: CryptoLocker (again), 8 October 2014
- ^ TorrentLocker Support and Discussion Thread (CryptoLocker copycat) "If you have been infected with something called CryptoLocker after June 2nd, 2014 then you are not infected with the original CryptoLocker, but instead by a new ransomware using the same name. If you have been infected recently with an infection called CryptoLocker, it is probably the TorrentLocker infection that this topic discusses."
- ^ Cite error: The named reference "details" was invoked but never defined (see the help page).
[Added 15, 22 Oct 14, 20:15: I see that the article has since been amended to at least include the new "CryptoLockers", which I think restores much of its usefulness. There needs to be brief mention in the introduction, for people who have just seen a new infection by "CryptoLocker", that malware calling itself that continues to circulate.] Pol098 ( talk) 18:11, 14 October 2014 (UTC)
Now that CryptoWall is officially on 3.0, although it went from 1.0 to 2.0 with many minor revisions without actually changing the revision number, and from 2.0 to 3.0 in like fashion, I wonder if it has grown enough to maybe have its own page? Particularly since its impacts have been arguably larger, its tactics have changed, and it operates differently other than in that it encrypts the entire file using similar crypto schemes. Any thoughts? JamusDoore ( talk) 16:24, 24 March 2015 (UTC)
A few days ago, the institution where my wife works caught a CryptoLocker-like virus that in all external signs resembles the normal CryptoLocker virus. I asked her to send me several "encrypted" files together with their unencrypted copies to analyze them, and the first thing I noticed was the difference in their size. The "encrypted" files are smaller than the originals - something that will not happen when encoding with RSA, especially "2048-RSA" as the ransom message claimed. This "CryptoLocker" simply uses some sort of data compression like in RAR and encryption like AES. (I guess it's of Russian or Polish origin)
Does anyone have more information about this virus? (adds .illqtak extension) Enchev EG ( talk) 13:54, 28 April 2015 (UTC)
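The size comparison described in the comment above can be reproduced on constructed data; the following is an added example, not part of the original discussion and not code from any sample. It assumes zlib as the stand-in compressor and a toy length-preserving keystream (`toy_encrypt`, a hypothetical helper) as the stand-in cipher, and the verdict strings and thresholds in `classify_pair` are likewise assumptions chosen for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Length-preserving stand-in cipher: XOR with a SHA-256 counter keystream.
    Illustration only; it is not AES and not what any real sample uses."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_pair(original: bytes, locked: bytes) -> str:
    """Coarse verdict for a known original/locked file pair."""
    if entropy(locked) < 7.5:
        return "not encrypted-looking"
    if len(locked) < 0.95 * len(original):
        return "compressed before encryption"
    return "encrypted without effective compression"


def constructed_sample() -> bytes:
    """Constructed CSV-like document (about 144 KB), not a real victim file."""
    rows = (f"{i:06d},{hashlib.sha256(str(i).encode()).hexdigest()}\n"
            for i in range(2000))
    return "".join(rows).encode()


def run_cases() -> dict:
    plain = constructed_sample()
    key = b"constructed-demo-key"
    encrypt_only = toy_encrypt(plain, key)
    compress_then_encrypt = toy_encrypt(zlib.compress(plain), key)
    # Compressing after encryption gains nothing: ciphertext is incompressible.
    encrypt_then_compress = zlib.compress(encrypt_only)
    return {
        "plain": classify_pair(plain, plain),
        "encrypt_only": classify_pair(plain, encrypt_only),
        "compress_then_encrypt": classify_pair(plain, compress_then_encrypt),
        "encrypt_then_compress": classify_pair(plain, encrypt_then_compress),
    }


if __name__ == "__main__":
    for name, verdict in run_cases().items():
        print(f"{name:24} {verdict}")
```

Only the compress-then-encrypt case yields a high-entropy file that is clearly smaller than its original, which is the pattern the size comparison in the comment relies on.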