Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Crime Encryption Microsoft Privacy Windows

New Ransomware Poses As A Windows Update (hothardware.com) 89

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background...

The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions.

While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."
This discussion has been archived. No new comments can be posted.

New Ransomware Poses As A Windows Update

Comments Filter:
  • by dimethylxanthine ( 946092 ) <mr.fruit@gmaiNETBSDl.com minus bsd> on Sunday August 28, 2016 @08:34AM (#52784777) Homepage
    Sounds like any other window update. Especially the one with the "Upgrade to Windows 10" popup... :D
    • That would be "New Windows update poses as ransomware", right?
    • "New Microsoft Malware Poses as Operating System"

  • by Anonymous Coward

    Seriously? Why is this allowed in modern web browsers? I haven't seen one in forever, though part of that may be my use of various addons like ad-blocks and No-Script.

    It seems there's NO excuse at all, at ALL, for unauthorized pop-up windows nowadays.

    • by Sigma 7 ( 266129 ) on Sunday August 28, 2016 @09:54AM (#52785001)

      Why are unauthorized popups still a thing?

      The latest ones I encountered no longer do popups, but instead use Javascript to redirect the page to some third party website (or even a data:// url.)

      Not technically popups, but still something just as trivial.

      Seriously? Why is this allowed in modern web browsers?

      Perhaps some Netscape 2.0-4.x developer thought it was a good idea to automatically execute anything on an HTML page - despite the well known examples of viruses that try infecting every Dos program, or every boot sector.

  • "Get off my turf, punk!"

  • Vultures (Score:1, Insightful)

    by Anonymous Coward

    I hate people who do this. If you can write software, you can have a comfortable life without doing shit like this. What a waste.

  • TFA misses the most important part of the story. What is it we might do that exposes us to this malware?

    (Apart from running Windows that is)

    As far as I know my browser cannot access my files so nothing on the web I click on can cause this problem. In theory.

    If there is a buggy browser that allows this I want to know which it is.

    Anyone have a link to the ransomware site?
     

  • That would seem to be important, no?
    Thanks.

    P.s. TFA does not specify.

  • Is it a game changer? Previously, ransomwares were encrypting your files silently in the background, and now it does the same while displaying a Windows update box. No big change.

  • It only forces you to pay once, while the actual windows 10 update forces you to pay continually.
  • Anyone affected has a pretty good case to have Microsoft reimburse them for any losses - after all, MS has been using these exact same tactics for the past year, so at this stage, users won't hesitate to run anything MS sends them - particularly if it carries the promise of finally fixing some of these game-breaking bugs that have been thrust upon us my our most gracious overlords at Microsoft - also, Windows 10 is SO secure, it would never let the cryptolocker run - and certainly not in the background.

Ignorance is bliss. -- Thomas Gray Fortune updates the great quotes, #42: BLISS is ignorance.

Working...