Virus Holds Computer Files 'Hostage' for $200
dwayner79 sent in a story about a new virus making the rounds. This one is unique because it locks your files and then demands a $200 ransom to get them back. It seems to me that this might leave some sort of traceable money trail. They don't have much information on any particular transmission mechanism; they just talk about web pages giving it up.
If it were real, we would have heard it from Symantec or McAfee long before a third-world news website.
Next time the police capture a virus writer, they should put him in a cell and tell him, "We'll leave you here unless another virus writer pays us $200."
Since they recovered the files without the key, it looks like the guy wrote his own crypto. Score one for the good guys. Next time maybe the guy uses a well written public key library. Encrypt the local files with a random symmetric key, encrypt the key with a public key and present it to the user. The user has to email the encrypted symmetric key to the virus writer for decryption.
There's no reason to think there would be a single interceptable "key" value that would unlock everyone's files. It depends on the skill of the author.
Seriously though, the article does not show me any reason that the virus writer can be trusted on his word alone. How would you know that he really will send the key?
I can see three possible ways this is done: the files could be encrypted with a random key which is sent back to the author - in this case I guess the key could be intercepted on its way out of your computer, but you'd have to anticipate being infected. Alternatively, the virus might always use the same key, in which case one person needs to buy/brute force it and everyone's sorted. Finally, it might use a random key which the writer has no way of knowing - secure, but he'll take the money and run because he doesn't know the key.
In any of those three scenarios I'd think it makes sense to try to avoid giving him any money. Either that or I've missed something.
This is probably just an experiment, to see how many people are willing to pay this amount to get the files back.
He (she?) would get more money if it was a lower amount in an easy-to-pay system, since many more people would pay.
Maybe we will see the story sometime soon
By reading this, you have given me brief control of your mind.
I lost my third year project (Physics) to one in 1992. Eight months work chewed to bits, but a very nice chap named Jules reconstructed most of it from the actual sectors, with me guessing where-abouts it came from.
Those were, emphatically, NOT the days.
Justin.
You're only jealous cos the little penguins are talking to me.
A chosen plaintext attack might be an interesting defense. You could keep a series of chosen files with different extensions on your computer, so that when you get hit you have them for the decryption effort. Also you should wrap your monitor in tinfoil. ;)
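As an added example (not code from the thread or from anyone quoted in it), here is the decoy-file idea above, together with the earlier "wrote his own crypto" scenario, worked through in Python. The cipher, the planted decoy, the user files and the key are all constructed for illustration: a repeating-key XOR stands in for a weak homegrown scheme, and the recovery routine never sees the key, only the decoy's known contents and its encrypted copy.

```python
from itertools import cycle

# Constructed toy cipher standing in for "the guy wrote his own crypto":
# repeating-key XOR. No real virus family is described here.
def weak_encrypt(data, key):
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

weak_decrypt = weak_encrypt  # XOR is its own inverse


def recover_key(known_plain, ciphertext, max_key_len=64):
    """Known-plaintext recovery against the toy cipher.

    XORing a planted decoy file with its encrypted copy yields the keystream.
    For a repeating key that keystream is periodic; return the shortest period
    that explains every byte, requiring at least two full repetitions so a
    coincidence cannot pass as a key. Returns None if no period fits, which is
    what happens when the decoy is too short or the scheme is not this weak.
    """
    n_avail = min(len(known_plain), len(ciphertext))
    stream = bytes(p ^ c for p, c in zip(known_plain[:n_avail], ciphertext[:n_avail]))
    for n in range(1, max_key_len + 1):
        if 2 * n > len(stream):
            break  # decoy too short to confirm a key this long
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return None


def recover_files(encrypted, decoys, max_key_len=64):
    """encrypted: {name: ciphertext}; decoys: {name: known plaintext}.
    Derive the key from the first decoy that yields one, then decrypt everything.
    Returns (key, {name: plaintext}); (None, {}) if recovery failed."""
    for name, plain in decoys.items():
        if name in encrypted:
            key = recover_key(plain, encrypted[name], max_key_len)
            if key is not None:
                return key, {n: weak_decrypt(c, key) for n, c in encrypted.items()}
    return None, {}


# --- constructed sample "infection" (hypothetical names and contents) ---
DECOYS = {
    "decoy.txt": b"This is a planted known-plaintext file. " * 4,  # 160 bytes
}
USER_FILES = {
    "thesis.tex": b"\\documentclass{article}\\begin{document}Eight months of work.\\end{document}",
    "photo.png": b"\x89PNG\r\n\x1a\n" + bytes(range(48)),
}
SECRET_KEY = b"s3cret!k3y"  # 10 bytes; only simulate_infection() uses it


def simulate_infection(key=SECRET_KEY):
    """Encrypt decoys and user files alike, as the toy virus would."""
    return {n: weak_encrypt(d, key) for n, d in {**USER_FILES, **DECOYS}.items()}


if __name__ == "__main__":
    key, files = recover_files(simulate_infection(), DECOYS)
    print("recovered key:", key)
    for name, data in files.items():
        print(name, "->", data[:40])
```

The decoy must be at least twice as long as the longest key you want to rule out; with a 5-byte decoy and a 9-byte key `recover_key` correctly gives up rather than guessing, which is the honest outcome of the "random key the author never learns" scenario from the three-way breakdown earlier in the thread.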
Is to back up your data on a regular basis.
This little bit of wisdom has been around since computers hit the home. Now if only people would follow the advice given to them this virus would be a complete non-issue. Instead, we have a bunch of users who are convinced nothing bad will happen to them, (or are completely oblivious to the dangers), complaining since they didn't do what someone told them it was important to do.
I know I am paranoid, but I make sure important files are regularly copied to 3 different systems. Gmail makes a great place to store some of my data: lots of space, geographically separated and administered by people who aren't complete idiots. I also copy my important stuff every week or two and put the disk in a fireproof safe designed for computer media.
This scheme seems to work well against these sorts of viruses as well as natural disasters and hardware failures.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
Back in the MS-DOS days (aka the good old days) there was a virus that locked your PC, did something nasty to your MBR (or FAT, I forget) and you had to play a game (or two, or usually a LOT) on the slot machine. You would get your system back when you got the jackpot.
Anyone else think this comment is funny in light of the signature attached to it?
There was even at least one that could wipe the BIOS eproms, leaving the computer completely inoperable and difficult to repair if not outright irreparable.
Will Microsoft start factoring these little occurrences into the TCO of Windows?!
It reminds me of DaHalf.
This one was a perverse bastard. It slowly encrypted your HD track by track at every reboot but decrypted them too, so the data was perfectly safe as long as the virus was there.
If you removed the virus, you lost the data, since the encryption key was in the virus.
Do not remove virii before reading what they are about.
If a virus is on your HD and you want to have it checked, cut the power, remove it from the PC and do not boot it until it is in the hands of a professional.
Consider switching to linux and entering the land of peace of mind.
As for tracing the e-mail, well, that won't work either: again, people do this all the time on eBay rip-offs and none of those get traced.
Besides which, the attacker might very well be logging your keystrokes and simply watching for you to send any text containing a fake address he gave you, then sending the real text somewhere else. Fat chance you would notice this in time to do anything about it. He just picks off the Western Union number, then pays some street urchin to go collect for him.
Or you could rig this as sort of a two-part thing. One is to have the virus encrypt the files. Then "coincidentally" this spam e-mail comes offering to sell you a universal decoder program for the low price of $49.99. The company could be legitimate in the same sense that McAfee is legit. They just sell decryption tools. Sure they might be suspect, but some company IS going to crack this, and when they do they are going to SELL the decoder. The evil-doer merely has to be one of many companies offering this product for sale. It would be in his interest to leak the decoding method just so those decoy companies would appear.
Some drink at the fountain of knowledge. Others just gargle.
Not a really new idea, it's inside Andrew Tanenbaum's "Modern Operating Systems"!
The virus programmer has to have read the book.
42.
I encountered a virus just 2 years ago, although it had been written in the 1990s, that encrypted files on a hard drive using a randomly generated and locally stored key. If you removed the virus, you'd lose the key, and access to all files that had so far been encrypted. I don't recall the name of the virus right now, but I spent about an hour looking for a fix to this old virus, and fortunately found an old removal utility on a website that was still hosting it, and it retrieved the simple encryption key, and removed the virus after decrypting all of the encrypted files.
Saskboy's blog is good. 9 out of 10 dentists agree.
Yep, I cringed when I saw it too. The other posters' comments about reporters are right on: you can talk for 15 minutes and give them a clear picture of the issue, but they'll pick the most impacting statements instead of the ones that explain it. And if you happen to say something that sounds fucktarded out of context, you can rest assured you'll see that quote in the article :)
-Joe
--
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/
Not sure if you're a troll or not, but us in the linux community don't want to *WIN THAT WAY*.
Religion is a gateway psychosis. -- Dave Foley
An Amiga virus whose name I don't remember did approximately this to me, to a floppy, like 15 years ago. The virus showed a message telling me to send the floppy to some postcard service. Although I never sent it (it was a backup of some game I owned), I guess that guy didn't have to buy his floppies anymore :-D