Virus Holds Computer Files 'Hostage' for $200
dwayner79 sent in a story about a new virus making the rounds. This one is unique because it locks your files and then demands a $200 ransom to get them back. It seems to me that this might leave some sort of traceable money trail. They don't have much information on any particular transmission mechanism; they just talk about web pages giving it up.
It won't get a penny from me... (Score:5, Funny)
Re:It won't get a penny from me... (Score:5, Funny)
This makes me wonder... (Score:3, Interesting)
Re:This makes me wonder... (Score:3)
How is this in any way a Windows specific thing? The same virus could be written to run on any OS.
I stand by my earlier statement.
You're an idiot.
Re:This makes me wonder... (Score:3, Informative)
Yes, you can set up XP permissions correctly. Well, XP Home kills your ability to do this easily. Read this article [winsupersite.com]. XP Home is pretty much brain dead IMO. From the article about Home vs Pro:
typo (Score:5, Funny)
Oh, wait a minute, never mind...
I forgot we were talking about viruses.
Re:It won't get a penny from me... (Score:5, Informative)
Generate a random key, encrypt the data with it (symmetric),
encrypt that key with the public one (stored in the virus itself), destroy the random key, give the victim the encrypted key.
The victim sends the encrypted key to the author, who decrypts it using his private key and sends it back.
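The hybrid (envelope) scheme this comment describes, as an added example in Go; it is not code from the original thread and not the code of the virus being discussed. The comment names no algorithms, so the choices here are assumptions: AES-256-GCM for the per-file symmetric cipher, RSA-2048 with OAEP/SHA-256 for wrapping the file key, and the names Envelope, sealFile, unwrapKey and openFile are this example's own. The point to take from it is what is left on the victim's disk afterwards: the ciphertext and the wrapped key, never the file key itself.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is everything that remains on the victim's machine after the
// file is encrypted. The file key itself is NOT in it, only its RSA-OAEP
// wrapping under the author's public key (construction assumed, see lead-in).
type Envelope struct {
	WrappedKey []byte // file key encrypted to the author's public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output, authentication tag included
}

// sealFile is the "virus" side of the comment's scheme: fresh random key,
// symmetric encryption, key wrapped with the embedded public key, key destroyed.
func sealFile(authorPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	fileKey := make([]byte, 32) // AES-256 key
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	defer func() { // "destroy random key": wipe the local copy once wrapped
		for i := range fileKey {
			fileKey[i] = 0
		}
	}()

	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)

	// Only the public key ships in the binary, so the file key leaves the
	// machine in exactly one form: encrypted so that only the private key reads it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, authorPub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// unwrapKey is the author's side: the victim sends WrappedKey, the holder of
// the private key recovers the file key and sends it back.
func unwrapKey(authorPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, authorPriv, wrapped, nil)
}

// openFile is what the victim can do once, and only once, the file key is back.
func openFile(fileKey []byte, env *Envelope) ([]byte, error) {
	if len(fileKey) != 32 {
		return nil, errors.New("bad file key length")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	authorPriv, _ := rsa.GenerateKey(rand.Reader, 2048) // never leaves the author
	// Constructed sample file contents; stands in for a victim's spreadsheet.
	env, _ := sealFile(&authorPriv.PublicKey, []byte("constructed sample spreadsheet contents"))

	// The author can recover the file key and hand it back...
	key, _ := unwrapKey(authorPriv, env.WrappedKey)
	pt, _ := openFile(key, env)
	fmt.Printf("recovered with author's private key: %q\n", pt)

	// ...while anyone holding only the disk and the binary's public key cannot:
	// a different private key, however well chosen, does not unwrap it.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := unwrapKey(other, env.WrappedKey); err != nil {
		fmt.Println("wrong private key:", err)
	}
}
```

Two consequences follow directly from the code. Each call to sealFile draws a fresh key, so there is no single value to intercept that unlocks every victim; and because the machine holds only WrappedKey, an author who simply goes offline (as a later reply in this thread points out) leaves the files as good as deleted, no matter how willing the victim is to pay.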
Re:It won't get a penny from me... (Score:5, Interesting)
The virus programmer has to have read the book.
web services, baby! (Score:3, Insightful)
Re:It won't get a penny from me... (Score:3, Insightful)
Remember the RC5 challenge? It took 1757 days worth of massive collaboration effort to break a 64 bit key, showing that 64 bits RC5 is not enough for data that is still sensitive after several years.
Now they are trying to break a 72-bit version of the same algorithm. It should take 2^8 = 256 times more computational effort, or over 1000 years with current processing
laundering the money (Score:5, Interesting)
As for tracing the e-mail, well, that won't work either: again, people do this all the time in eBay rip-offs, and none of those get traced.
Besides which, the attacker might very well be logging your keystrokes and simply watching for you to send any text containing a fake address he gave you, then sending the real text somewhere else. Fat chance you would notice this in time to do anything about it. He just picks off the Western Union number, then pays some street urchin to go collect for him.
Or you could rig this as sort of a two-part thing. One is to have the virus encrypt the files. Then "coincidentally" this spam e-mail comes offering to sell you a universal decoder program for the low price of $49.99. The company could be legitimate in the same sense that McAfee is legit. They just sell decryption tools. Sure, they might be suspect, but some company IS going to crack this, and when they do they are going to SELL the decoder. The evil-doer merely has to be one of many companies offering this product for sale. It would be in his interest to leak the decoding method just so those decoy companies would appear.
Re:laundering the money (Score:5, Insightful)
At home, I don't have the problem; since more honorable vendors that distribute their software via apt-get don't run these kinds of protection rackets.
This won't last long (Score:2)
Re:This won't last long (Score:4, Funny)
"Nuke the site from orbit, it's the only way to be sure"...
This could be good (Score:3, Funny)
Re:This could be good (Score:3, Informative)
Do you really think a virus is going to take spyware hostage and then demand $200 for the key to unencrypt it? I don't know about you, but even if it did, I sure wouldn't be happy with this kind of virus on my computer.
Plus the article mentions this particular infection affected only "at least fifteen types of data," most of which were presumably important to the user, like spreadsheets and the like. But again, even if it did encrypt malware ... I don't see how it could be a good thing. Let's introduce the
a fix (Score:5, Insightful)
Re:a fix (Score:3, Insightful)
"restore backup"
Re:a fix (Score:4, Funny)
You are entering the command at the wrong interface. That's not a command you use at a command prompt. It's a verbal command for your IT underling.
Re:a fix (Score:3, Informative)
That is what is particularly scary about this. What if the hacker went offline? Even if you are willing to pay the money, you can't get to the files. They are as good as deleted
Re:a fix (Score:2)
I am surprised we've never seen this as a targeted attack before, or maybe no one has reported it.
Re:a fix (Score:2)
Re:Crypto Question (Score:3, Interesting)
Re:Crypto Question (Score:5, Informative)
If you have just two files it's still extremely hard... you need something like 2^23 files to do it in a reasonable amount of time (assuming RSA+IDEA).
This post is incorrect. Probably a semi-subtle troll rather than an honest error.
Neither RSA nor IDEA is vulnerable to a known-plaintext attack. In fact, any cipher that is vulnerable to such an attack is considered completely insecure, especially if only 2^23 "files" are needed.
If you get to choose the contents of one of the files it's only about 2^17.
Neither RSA nor IDEA is vulnerable to a chosen-plaintext attack. There were some chosen-plaintext attacks against RSA a few years back (mid 90s), but proper padding eliminates them. And far more than 2^17 trials were required for typical key sizes. Again, no cipher that was vulnerable to such an attack would be considered secure.
Obviously, if the keys are larger, it will take exponentially longer.
Larger than what? Are you assuming extremely small key sizes in order to achieve the numbers above? Actually, you don't get to pick the size of an IDEA key, because IDEA keys are 128 bits. Though you can arbitrarily fix key bits to produce a smaller effective key, there's no reason why the virus writer would want to do that.
An old remake, using the Net this time, and $$$ (Score:3, Interesting)
Re:An old remake, using the Net this time, and $$$ (Score:3, Informative)
This was the classic example as to why blindly running "fdisk
Re:a fix (Score:4, Funny)
And what if something has no gender and is an "it", you insensitive clod?
Clearly, to avoid offending anyone, we all must start saying "s/h/it".
Re:a fix (Score:3, Interesting)
There's no reason to think there would be a single interceptable "key" value that would unlock everyone's files. It depen
Re:a fix (Score:2)
Re:a fix (Score:3, Informative)
-Joe
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/ [lurhq.com]
Re:a fix (Score:2)
Re:a fix (Score:5, Funny)
McAfee runs on an awful lot of enterprise networks, and tons of home users. I wonder how long brute-forcing a key through distributed computing would really take. I wonder if McAfee is already using cycles for nefarious reasons. How long until McAfee becomes self-aware!
I need more tinfoil
Re:a fix (Score:5, Funny)
There's a family in CA that would prolly be willing to make you a great deal on some tin foil, only slightly used. How big's your house?
Re:a fix (Score:2)
Of course, all this is assuming there is even the slightest bit of truth in the claim of a virus.
Re:a fix (Score:4, Informative)
so it's already been either brute-forced or cracked. My hunch is that an encryption program carried in a virus would be rather simplistic.
Finally! (Score:4, Insightful)
Maybe when this happens people will actually pay more attention to computer security, instead of just putting up with the inconvenience.
Re:Finally! (Score:5, Insightful)
I remember them... (Score:3, Interesting)
Those were, emphatically, NOT the days.
Justin.
Re:Finally! (Score:4, Interesting)
Re:Finally! (Score:3, Interesting)
This one was a perverse bastard. It slowly encrypted your HD track by track at every reboot but decrypted them too, so the data was perfectly safe as long as the virus was there.
If you removed the virus, you lost the data, since the encryption key was in the virus.
Do not remove viruses before reading what they are about.
If a virus is on your HD and you want to have it checked, cut the power, remove it from the PC and do not boot it until it is in the hands of a professional.
Conside
Re:Finally! (Score:5, Insightful)
Re:viruses that wipe windows (Score:3, Interesting)
Re:Finally! (Score:5, Insightful)
What will do that is a virus that replaces all .jpg files found with goatse, tubgirl and lemonparty.
So many people have stored their digital camera photos on vulnerable Windows PCs. The only thing that will get them to secure those boxes is the threat that little Sophie's birthday photos, or the last time they went on holiday with Grandma before the illness, might be replaced with hideous porn by some virus...
Insightful, but disgusting. (Score:3, Funny)
Thanks for giving 'em the idea. Next time I go to look at pr0.. I mean my pictures, I'm going to be in fear of opening any of them.. *grumble*
Re:Finally! (Score:3, Funny)
I knew what tubgirl was.
Never heard of lemonparty before.
Now I know.
Allow me to be the first to say:
AAAAAAAAAAAAARRRRRGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
Re:Finally! (Score:4, Insightful)
'course, I've got the sense not to look it up...
Re:Finally! (Score:5, Informative)
There is a thumbnail!
Re:Finally! (Score:3, Insightful)
Subtlely (?) destructive viruses (Score:5, Insightful)
* alter scheduled appointments in outlook/exchange
* alter contact information in outlook/exchange
* alter information in ms word and ms excel documents
The key to all this is to do it in small doses - change a 3 to a 4, alter appointments by 1 hour, etc, introduce a few wrong spellings into ms word documents, etc.
People have this view that viruses are horribly destructive, and it decreases the estimation of Windows in some. Others stick by Windows, content to use anti-virus stuff because a virus just generally uses up resources indiscriminately or 'steals' data.
If viruses started attacking the integrity of core MS Office products, not 'just' the operating system itself, more damage would be done to MS' hold on corporate america than any attack on the 'operating system' level by viruses.
Put more simply, most people really don't understand the ins and outs of operating systems, nor the potential damage that can be done to them. Everyone can understand the damage that could be done by having your spreadsheets altered without your knowledge.
Well, at least I *think* everyone could understand that.
Re:Subtlely (?) destructive viruses (Score:3, Insightful)
Deleting a file will cause staff to notice, and after the virus is removed, the file will be restored.
Changing a few random values in a spreadsheet will likely not be noticed as quickly, and when it is, there may not be any way to work out which daily backup to restore from.
Then there's the effect.
Deleting a file causes irritation, but has no lasting effect.
Altering the file subtly will potentially damage a forecast, change the meani
Re:you're new around here, aren't you (Score:2, Funny)
Don't give in to the demands of terrorists (Score:2, Insightful)
I call hoax (Score:5, Interesting)
Re:I call hoax (Score:2, Funny)
Re:I call hoax (Score:3, Insightful)
"The FBI said the scheme, which appears isolated, was unlike other Internet extortion crimes.
Leading security and anti-virus firms this week were updating protective software for companies and consumers to guard against this type of attack, which experts dubbed "ransom-ware"."
Re:I call hoax (Score:5, Informative)
Re:I call hoax (Score:5, Informative)
Payment Options (Score:4, Funny)
interesting attack (Score:5, Insightful)
Yet another reason to do regular backups, so you are never solely dependent on your local copies.
Re:interesting attack (Score:3, Insightful)
Gives new meaning (Score:2)
Re:Gives new meaning (Score:5, Funny)
Heh (Score:3, Funny)
OOOOOOOOOOOOOOOOH GNOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO. It appears to have infected CmdrTaco and now the news is being held hostage!!!!!!!!??!?!?!!!!
1) Infect news site and hold "stories" hostage
2) Hold a slashpoll to see if anyone noticed
3)
4) PROFIT!
I use Bank of America... (Score:5, Funny)
riaa conspiracy (Score:2)
Must be a real moron (Score:5, Informative)
Some files are coded.
To buy decoder mail: n781567@yahoo.com
with subject: PGPcoder 000000000032
Re:Must be a real moron (Score:3, Informative)
Re:Must be a real moron (Score:3, Funny)
I hold files kidnap: "GPL.TXT" is one
To buy decoder mail: n781567@yahoo.com
with subject: PGPcoder 000000000032
Oh, darn...
What? (Score:2, Funny)
Did they Install windows?
was the email address bgates@microsoft.com?
tee-hee
G
Not on my computer pal.. (Score:2)
Re:Not on my computer pal.. (Score:2)
Next time (Score:3, Interesting)
Getting away with it... (Score:5, Insightful)
Ransom (Score:5, Funny)
Or.... (Score:2, Insightful)
I send program to your email... Give me Money! (Score:2, Insightful)
"I send program to your email," the hacker wrote.
And only demanding $200.00 from a business? Sounds like one of the following must be true:
a) person is stupid enough to demand only $200.00 for a crime most likely punishable as extortion.
b) person is testing the effectiveness of their program.
c) person is too short sighted to think of either a or b.
This is just pathetic.
If a smart crook were behind this ... (Score:4, Insightful)
Of course, this means any honest white knight is going to learn the hard way about 20 feds and a flashlight.
And computer criminals everywhere cringe (Score:5, Insightful)
I mean, is it really that much harder to make a virus that silently installs itself and listens for key strokes, then sends those back to you through a few cracked proxies? And there you go: account numbers and passwords.
Idiots. If they do try to collect on this, they'll be caught, we'll find it's a couple of dumb as fuck kids who thought it'd be cool to "have a couple hundred bucks".
And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.
Wow (Score:5, Funny)
Gee, I wonder how he figured that out....
Re:Wow (Score:5, Informative)
-Joe
--
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/ [lurhq.com]
Re:Wow (Score:3, Interesting)
-Joe
--
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/ [lurhq.com]
Isn't that a feature (Score:5, Funny)
Why so much press.. (Score:5, Funny)
"Malicious Cryptography: Exposing Cryptovirology" (Score:4, Informative)
I'd highly recommend the book (no, I don't know that author).
New Variant (Score:5, Funny)
Sounds familiar... (Score:4, Funny)
Stockholm Syndrome (Score:3, Funny)
The first rule of backing up (Score:3, Interesting)
This little bit of wisdom has been around since computers hit the home. Now, if only people would follow the advice given to them, this virus would be a complete non-issue. Instead, we have a bunch of users who are convinced nothing bad will happen to them (or are completely oblivious to the dangers), complaining since they didn't do what someone told them it was important to do.
I know I am paranoid, but I make sure important files are regularly copied to 3 different systems. Gmail makes a great place to store some data: lots of space, geographically separated and administered by people who aren't complete idiots. I also copy my important stuff every week or two and put the disk in a fireproof safe designed for computer media.
This scheme seems to work well against these sorts of viruses as well as natural disasters and hardware failures.
reminds me of the 'jackpot' virus (Score:5, Interesting)
Re:reminds me of the 'jackpot' virus (Score:3, Informative)
Screenshots [virusexperts.com]
There will be no negotiations. (Score:5, Funny)
C:\>format c:
Wow, it's like the movie "Hackers"... only lamer (Score:4, Funny)
How lame is that?
(And that's leaving aside the huge number of social and technical ways this scam could be improved...)
I have a *GREAT* idea to make this a good thing... (Score:5, Funny)
(1) Get this virus into the DMCA-supporters computers.
(2) When they are screaming that all their data is encrypted, kindly inform them that you could create a crack for it and get all their data back, but unfortunately you would run afoul of the DMCA reverse-engineering laws and therefore cannot help them.
Yes. Irony is *NOT* dead!!
A simple request (Score:4, Funny)
Money Agents (Score:3, Insightful)
Seems like a great way of breaking the money trail and it only costs 10%!
Crooks are pretty inventive.
Re:Money Agents (Score:3, Insightful)
Yes, it's possible (Score:5, Funny)
I've seen it in the movies.
The trick is to do that without spending more than $200.