Ransomware creation kit 'sought by cyber-thieves'

http://www.bbc.co.uk/news/technology-25314442#

But what does that article tell us that we didn’t already expect?

 

Right now, I’d like to know where the Norton Firewall fits into the picture in all of this. Symantec’s ‘Cryptolocker Q&A: Menace of the Year’ preamble for the ‘Figure 3. Cryptolocker attack steps’ diagram in that article states this:

 

Trojan.Cryptolocker then reaches out to a command-and-control server (C&C) generated through a built-in domain generation algorithm (DGA). Once an active C&C is found, the threat will download the public key that is used to encrypt the files on the compromised system while the linked private key—required for decrypting the files—remains on the cybercriminal’s server. The private key remains in the cybercriminal control and cannot be used without access to the C&C server which changes regularly.

 

Given the above, then why doesn’t the Norton Firewall simply step in and block all of the Trojan.Cryptolocker’s ‘command-and-control server’ search attempts in the first place?
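The C&C "search" in the Symantec passage quoted above shows up in resolver logs as a burst of failed lookups followed by one that resolves. The sketch below is an added example of that detection heuristic, not code from Symantec, Norton or the original post; the log format, addresses, domain names and thresholds are constructed assumptions, and no real Cryptolocker domains appear.

```python
from collections import defaultdict

# Constructed sample resolver log (not real traffic): "epoch client qname rcode".
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1002 10.0.0.5 wwww.example.com NXDOMAIN
1010 10.0.0.7 qwrtplkjhgfd.example NXDOMAIN
1011 10.0.0.7 zxcvbnmasdfg.example NXDOMAIN
1012 10.0.0.7 plmoknijbuhv.example NXDOMAIN
1013 10.0.0.7 ygctfxrdzesw.example NXDOMAIN
1014 10.0.0.7 hjklqwertyui.example NXDOMAIN
1015 10.0.0.7 mnbvcxzlkjhg.example NOERROR
1300 10.0.0.5 mail.example.com NOERROR
"""

def find_dga_like_clients(log_text, window=60, threshold=5):
    """Flag clients with >= threshold distinct NXDOMAIN names inside `window`
    seconds, and report the first name that resolved after the burst."""
    events = defaultdict(list)  # client -> [(ts, qname, rcode)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        events[client].append((int(ts), qname.lower(), rcode.upper()))

    findings = {}
    for client, rows in events.items():
        rows.sort()
        failed = [(ts, q) for ts, q, rc in rows if rc == "NXDOMAIN"]
        start = 0
        for end in range(len(failed)):
            # Slide the window start forward until it spans <= `window` seconds.
            while failed[end][0] - failed[start][0] > window:
                start += 1
            names = {q for _, q in failed[start:end + 1]}
            if len(names) >= threshold:
                burst_end = failed[end][0]
                # Candidate rendezvous name: first successful lookup after the burst.
                resolved = next((q for ts, q, rc in rows
                                 if ts >= burst_end and rc == "NOERROR"), None)
                findings[client] = {"failed": sorted(names),
                                    "first_resolved_after": resolved}
                break
    return findings

if __name__ == "__main__":
    for client, info in find_dga_like_clients(SAMPLE_LOG).items():
        print(client, info)
```

The name reported as `first_resolved_after` is only a candidate for review, since ordinary lookups can follow a burst too.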


Good Question, elsewhere!

Copycat ransomware demands cash to unscramble files