Slashdot Mirror
Virus Hold Computer Files 'Hostage' for $200
dwayner79 sent in a story about a new virus making the rounds- this one is unique because it locks your files and then demands a $200 ransom to get them back. It seems to me that this might leave some sort of tracable money trail. They don't have much information on any particular transmission mechanism, they just talk about web pages giving it up.
Assuming this virus is telling the truth (and I highly highly highly doubt it is), doesn't that mean that there's a simple command you can send to it to fix the problem? What's to prevent anti-virus companies from figuring this out and providing a quick fix?
-dave
http://millionnumbers.com/ - own the number of your dreams
What the hell took so long for this to happen? There are thousands of viruses all around and most of them are so benign. They just eat system resources, send spam, show ads and other bs. It took way too long for someone to make a virus that actually compromises data. I hope soon someone makes one that takes important data files and uploads them to a web server for public view. And another one that overwrites the hard drives 3 or 4 times to prevent data recovery.
Maybe when this happens people will actually pay more attention to computer security, instead of just putting up with the inconvenience.
The GeekNights podcast is going strong. Listen!
However, people have been installing and paying spyware removal fees of less than $200, so I won't be surprised when people pay off viruses like this.
Saskboy's blog is good. 9 out of 10 dentists agree.
yet another reason to do regular backups, so you are never solely dependent on your local copies.
I call RTFA ;-)
"The FBI said the scheme, which appears isolated, was unlike other Internet extortion crimes.
Leading security and anti-virus firms this week were updating protective software for companies and consumers to guard against this type of attack, which experts dubbed "ransom-ware"."
Saskboy's blog is good. 9 out of 10 dentists agree.
you could just spend the change on a blank cd and back up your data before spending 200 dollars to get it back.
Is it just me, or does this seem a little elementary? FTA:
"I send program to your email," the hacker wrote.
And only demanding $200.00 from a business? Sounds like one of the following must be true:
a) person is stupid enough to demand only $200.00 for a crime most likely punishable as extortion.
b) person is testing the effectiveness of their program.
c) person is too short sighted to think of either a or b.
This is just pathetic.
Of course, this means any honest white knight is going to learn the hard way about 20 feds and a flashlight.
"But all your emitter and collector are belong to me!"
Not that I particularly apprecaite idiot crackers making my work harder, but you gotta figure they'll be cringing at this rather blunt and clumsy attempt at extortion{sp}.
I mean, is it really that much harder to make a virus that silently installs itself and listens for key strokes, then sends those back to you through a few cracked proxies? And there you go: account numbers and passwords.
Idiots. If they do try to collect on this, they'll be caught, we'll find it's a couple of dumb as fuck kids who thought it'd be cool to "have a couple hundred bucks".
And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
I've written about this before, but I'm *so* waiting for a virus to do one or more of the following:
* alter scheduled appointments in outlook/exchange
* alter contact information in outlook/exchange
* alter information in ms word and ms excel documents
The key to all this is to do it in small doses - change a 3 to a 4, alter appointments by 1 hour, etc, introduce a few wrong spellings into ms word documents, etc.
People have this view that viruses are horribly destructive, and it decreases the estimation of Windows in some. Others stick by Windows, content to use anti-virus stuff because a virus just generally uses up resources indiscriminately or 'steals' data.
If viruses started attacking the integrity of core MS Office products, not 'just' the operating system itself, more damage would be done to MS' hold on corporate america than any attack on the 'operating system' level by viruses.
Put more simply, most people really don't understand the ins and outs of operating systems, nor the potential damage than can be done to them. Everyone can understand the damage that could be done by having your spreadsheets altered without your knowledge.
Well, at least I *think* everyone could understand that.
creation science book
No!!!! Not my 200GB archive of pr0n!! :(
That'll that forever to redownload and organize...
Where do I send the money?
I think you mean the Pakistani Brain Virus.
Software writers, not repair shop. Pakistan, not India. Not the first virus. It was intended to prevent piracy, and wasn't at all intended to be a "ransom."
That's the short version of the story. "Welcome to the Dungeon. Beware of the VIRUS." ;-)
The ransomware could phone home to a cracked server which provides the key. Or public key crypto could be used.
I forget what 8 was for.
Oh yeah. Fuck those gender-descriminating Jedi.
Anakin: "Padme, you're pregnant. I'm afraid-for the good of the baby-you can't go lightsaber dueling or starfigher riding. You can resume such activities when they are safe for you again, mmkay?"
Padme: "Okay. I don't want to lose my child, so I'll sit down for this particular strech of 9 months. It's not like I wasn't involved in lots of gunfights before this, so I think I can deal."
God, some people just try too hard. Your stupid little digression about "sie" and "hir" is almost longer than your entire point.
language derives its meaning from mutual consent. you can't "evolve a new shade of meaning" by yourself. before new forms enter a language, many people must use them for quite a while. we've formalized the lexicon and grammar so that people can actually use language to communicate predictably.
At home, I don't have the problem; since more honorable vendors that distribute their software via apt-get don't run these kinds of protection rackets.
If it uses the same key, but a very long one, all the computers in the world would be very unlikely to break the key in a decent amount of time.
Remember the RC5 challenge? It took 1757 days worth of massive collaboration effort to break a 64 bit key, showing that 64 bits RC5 is not enough for data that is still sensitive after several years.
Now they are trying to break a 72 bit version of the same algorithm. It should take 2^8=256 times more computational effort or over 1000 years with current processing power.
Processing power increases, but you can imagine that something encrypted with a public key algorithm that requires as much effort as 80 bit RC5, could be impossible to break in the time-frame where the data is still valuable, even with a combined world-wide effort.
I wonder if this (or some other) extortion attempt is why my bank recently sent it's customers a warning about a new scam that asks you if you would be willing to become a "money agent" for someone in another country. Supposedly, you would allow money to be deposited in your account and then you would send 90% of it along to a Western Union account. According to the scam, this is supposed to be faster, safer, and cheaper for people in forigen countries.
Seems like a great way of breaking the money trail and it only costs 10%!
Crooks are pretty inventive.
I was thinking more along the lines of "Please insert coin to continue".
What would Brian Boitano do?