RansomWare Disassembly Reveals Evolutionary Path

flaws writes "The guys at Secure Science Corporation have written a revealing article demonstrating the relationship with the most recent Ransom-based Trojan (known as Glamour) and some previous data stealing trojans. They include an open source decrypting utility for unlocking your files if infected, and some stats that are a bit disturbing. According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan."

Because of who the targets are. Re:Why bother?

[twitter]

If you just XOR the data and tell people it's RSA-4096 99.44% of them are going to just accept that it's true (after googling to find out what RSA means) and send you the $300.

No, they are going to look for a "free decoder program," ha ha ha. Oh, the joys of non free software.

Jokes aside, this trojan is aimed at corporate users. If it's easy to fix, big dumb companies will tell their sheep to bring forth their problems and fix them. If the creeps had been bright enough to use real encryption, there would be no solution and embarrassed users will try to fix the problem themselves. Of course, paying $300 to an extortionist will get you nothing more than another request for money unless they want to sell you back each file. For more evidence of this, see Vista pricing.

Re:I keep reading about these.

[Aellus]

I'm living at my parents house for the next month while I'm in transition between two places. Conveniently, my fathers machine has gone haywire and I'm still trying to figure out what happened to it (OS install crashes every time, and _yes_ that includes various forms of linux). Anyway, I've come back to my computer from time to time and discovered he has been checking his email on it. Twice I've noticed that the firefox download window still had random .pdf and .exe files. He once left an email page open that he had clicked on informing him that he had received a wonderfully animated greeting card, and to view it he had to click the link to http://xx.xx.xx.xx/something.exe [xx.xx.xx]. Oh yes, he clicked. I'm terrified what is hiding on my machine right now.

Re:I keep reading about these.

[Lavene]

Do people still really open attachments from people that do not know or were not expecting? Are people really executing unknown .exe files?

A fun experiment: Write a small, harmless program that when executed send a single ping to your home machine/ server and an equally simple program to count the incoming pings on said system.

Write a short message saying something like "The well known virus 'YouAreTooStupid' is again spreading across the Internet. Please run the attached program to clean and/ or immunize your PC", attach your little program and send it to twenty people. Then sit back and watch your counter...

It will keep counting for days or even weeks. Your non-viral little program will spread like a virus as stupid people 'immunize' their system. Writing viral code is just a waste of time... just ask people to distribute your malware for you. They are more than happy to do so.