[sf-lug] "sniff test": Re: South African Linux sites experiencing Ransomware attacks.
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Thu Sep 12 19:30:09 PDT 2019

Yes, I thought it, if not failed the "sniff test", smelled at
least quite fishy (maybe even phishy?).

Things that raised yellow (if not red) flags in my read/skim of
(a mere some of) the materials:

o claims sounded grandiose/"scary"/exaggerated (more click-bait revenue)
o source(s) didn't seem particularly credible (not particularly
  good/excellent sources on security nor having references/links to
  such)
o lack of sufficient relevant credible information & large (overblown)
  claims. I oft apply rule: extraordinary claims need be supported by
  credible extraordinary proof - or at least strong credible
  evidence to support such. That was entirely lacking.
o and more specifically/generally - claims of great danger, large,
  fast spreading, unknown exactly how - merely speculated as to
  how. That one grossly fails the sniff test. Most anything being
  massively exploited, the particular vector(s) of attack are generally
  very well known in short order ... period. No excuses for that
  information being absent - thus grossly fails the sniff test
o additionally, were it credible, it would (also) be quite well covered
  and including from quite competent reputable sources - that was
  completely lacking (and I would've also likely seen such from such
  other source(s) - I saw nothing of the sort). So again, fails the
  sniff test.

I didn't bother checking/investigating further, as it seemed to quite fail
the sniff test and didn't appear to me to be at all likely to be a credible
threat/claim. So I moved on to other things. :-)

> From: "Rick Moen" <rick at linuxmafia.com>
> Subject: Re: [sf-lug] South African Linux sites experiencing
> Ransomware attacks.
> Date: Thu, 12 Sep 2019 00:45:03 -0700
> Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):
>
>> Hi LUGers.
>>
>> This is the article ..../A new form of ransomware called Lilocked
>> (or Lilu) has been targeting
>> Linux servers and encrypting website files, asking for a Bitcoin
>> ransom to get these files back./
>> /Link to the full article:
>> -
>> https://mybroadband.co.za/news/security/319373-south-african-websites-hit-by-new-lilocked-ransomware.html
>
> As usual, this is hot air. My reaction to a separate (and earlier) but
> related news story, this one from Ziff-Davis ('ZDNet'). The story you
> are quoting differs primarily in throwing in an idle speculation that
> the means of attack is a recent (now fixed) bug in the Exim SMTP daemon
> -- but the author doesn't actually have any information about this (and,
> further irony, the author quotes an equally unsupported speculation
> about that from ZDNet, about which more below).