RansomWare Disassembly Reveals Evolutionary Path

flaws writes "The guys at Secure Science Corporation have written a revealing article demonstrating the relationship with the most recent Ransom-based Trojan (known as Glamour) and some previous data stealing trojans. They include an open source decrypting utility for unlocking your files if infected, and some stats that are a bit disturbing. According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan."
This discussion has been archived. No new comments can be posted.

  • by necro2607 ( 771790 ) on Thursday July 26, 2007 @09:03PM (#20005055)
    Well, considering that Windows by default doesn't show the file extension for known filetypes, as far as all the noobs can tell, the file they just double-clicked was "Artist - song.mp3", since they wouldn't even see the .exe at the end. Sweet deal eh?

    If you've used any common p2p apps like eDonkey or the like, you'll notice that when you search for something, even if you type some arbitrary crap like "huoshgahgauoiwhrgoaghnaj" you'll also get "huoshgahgauoiwhrgoaghnaj.mp3.exe" and "huoshgahgauoiwhrgoaghnaj pics xxx mpeg avi.exe" or similar shit. So someone searching for a keygen is going to get "exactly the keygen they wanted.exe" .... and so on and so forth. You can imagine how quickly someone will eagerly download and run a keygen they've been looking for for ages that they couldn't find anywhere else.... ;)
  • by Anonymous Coward on Thursday July 26, 2007 @11:27PM (#20005917)
    Read the report: http://ip.securescience.net/advisories/Glamour-RansomWare.pdf [securescience.net] page 15.
    There is in fact a check for a value of "31337" in a "WinCode" registry key.
  • Helpful tip (Score:3, Informative)

    by Fish (David Trout) ( 923462 ) <fish@infidels.org> on Friday July 27, 2007 @02:09AM (#20006857) Homepage

    "Well, considering that Windows by default doesn't show the file extension for known filetypes, as far as all the noobs can tell, the file they just double-clicked was "Artist - song.mp3", since they wouldn't even see the .exe at the end. Sweet deal eh?"


    Which is why I've been telling people for years the first thing they should do after installing Windows (immediately after selecting the "Show hidden files and folders" option and unchecking (clearing) the "Hide extensions for known file types" and "Hide protected operating system files" options in Control Panel -> Folder Options, View tab) is to run REGEDIT and do a 'Find' for all occurrences of "NeverShowExt" and delete every single one found. All of them (spare none).

    Yes, it is admittedly unappealing (at first) to see all your shortcuts (including those in your Start and Programs menus) with an ugly ".lnk" extension following them, but trust me, you get used to it pretty quickly.

    Perhaps it's just me but I personally prefer my operating system not to lie to me by default. The above procedure ensures that it doesn't.

    p.s. your example is a poor one; the ".exe" extension is always shown (never hidden) by default.

    Now ".vbs" files on the other hand...
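
The procedure from the comment above, as an added PowerShell example that is not part of the original thread: it reports the three Explorer view options and every file class carrying a "NeverShowExt" value, and changes them only when asked. The `-Apply` switch is this example's own name, and the assumption is that "NeverShowExt" sits on the top-level class keys of HKEY_CLASSES_ROOT; the full-registry 'Find' described in the comment covers more ground.

```powershell
# Added example (not from the thread): audit the settings named in the comment.
# Without -Apply nothing is changed. -Apply also honours -WhatIf and may need
# an elevated prompt, because many classes live under HKLM\Software\Classes.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Apply)

# Per-user Explorer view options (Folder Options, View tab).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$wanted = [ordered]@{
    HideFileExt     = 0   # 0 = show extensions for known file types
    Hidden          = 1   # 1 = show hidden files and folders
    ShowSuperHidden = 1   # 1 = show protected operating system files
}

$report = foreach ($name in $wanted.Keys) {
    $current = (Get-ItemProperty -Path $adv -Name $name -ErrorAction SilentlyContinue).$name
    if ($Apply -and $current -ne $wanted[$name] -and
        $PSCmdlet.ShouldProcess("$adv\$name", "Set to $($wanted[$name])")) {
        Set-ItemProperty -Path $adv -Name $name -Value $wanted[$name] -Type DWord
    }
    [pscustomobject]@{ Setting = $name; Found = $current; Wanted = $wanted[$name] }
}
$report | Format-Table -AutoSize

# File classes that force Explorer to hide their extension regardless of
# HideFileExt. Assumption: only top-level class keys are examined here.
$hits = Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValueNames() -contains 'NeverShowExt' }

foreach ($key in $hits) {
    Write-Output "NeverShowExt present on: $($key.Name)"
    if ($Apply -and $PSCmdlet.ShouldProcess($key.Name, 'Remove NeverShowExt value')) {
        Remove-ItemProperty -Path $key.PSPath -Name 'NeverShowExt'
    }
}
Write-Output "$(@($hits).Count) class key(s) carry NeverShowExt."
```

Run it once without switches to see what would change, then with `-Apply -WhatIf` before applying for real.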
