Slashdot Log In
RansomWare Disassembly Reveals Evolutionary Path
Posted by
CowboyNeal
on Thu Jul 26, 2007 07:25 PM
from the trojan-family-trees dept.
from the trojan-family-trees dept.
flaws writes "The guys at Secure Science Corporation have written a revealing article demonstrating the relationship with the most recent Ransom-based Trojan (known as Glamour) and some previous data stealing trojans. They include an open source decrypting utility for unlocking your files if infected, and some stats that are a bit disturbing. According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan."
This discussion has been archived.
No new comments can be posted.
RansomWare Disassembly Reveals Evolutionary Path
|
Log In/Create an Account
| Top
| 64 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
My poor pornography :( (Score:5, Funny)
Tag this haha and pwned (Score:1)
Because of who the targets are. Re:Why bother? (Score:5, Interesting)
(http://lists.clickers.org/linuxsig/index.html | Last Journal: Friday November 09, @11:00PM)
If you just XOR the data and tell people it's RSA-4096 99.44% of them are going to just accept that it's true (after googling to find out what RSA means) and send you the $300.
No, they are going to look for a "free decoder program," ha ha ha. Oh, the joys of non free software.
Jokes aside, this trojan is aimed at corporate users. If it's easy to fix, big dumb companies will tell their sheep to bring forth their problems and fix them. If the creeps had been bright enough to use real encryption, there would be no solution and embarrassed users will try to fix the problem themselves. Of course, paying $300 to an extortionist will get you nothing more than another request for money unless they want to sell you back each file. For more evidence of this, see Vista pricing.
In a related story (Score:5, Funny)
I keep reading about these. (Score:2)
(http://timgray.blogspot.com/)
What is the infection vector for these things? Is it email, P2P networks fooling people into believing that mp3 really is an EXE file?
although I cant believe that people are stupid enough to fall for a nigerian scam wanting to deposit 30 billion dollars in their accounts overnight either.
Re:I keep reading about these. (Score:5, Informative)
If you've used any common p2p apps like eDonkey or the like, you'll notice that when you search for something, even if you type some arbitrary crap like "huoshgahgauoiwhrgoaghnaj" you'll also get "huoshgahgauoiwhrgoaghnaj.mp3.exe" and "huoshgahgauoiwhrgoaghnaj pics xxx mpeg avi.exe" or similar shit. So someone searching for a keygen is going to get "exactly the keygen they wanted.exe"
off topic, but (Score:1)
You can prevent encryption by creating a reg key (Score:5, Funny)
Mod parent INFORMATIVE (Score:4, Informative)
There is in fact a check for a value of "31337" in a "WinCode" registry key.
Don't be fooled! (Score:1)
Evolutionary Path? (Score:1)
Yeah, but... (Score:1)
Re:Noddleware. (Score:2, Funny)
(http://dwarfsoft.com/)
Re:speaking of trojans (Score:3, Funny)
(Last Journal: Monday June 05 2006, @10:46AM)
I just bought 144 condoms, and now I'm grossly [google.com] oversexed.