Slashdot Mirror


Virus Holds Computer Files 'Hostage' for $200

dwayner79 sent in a story about a new virus making the rounds; this one is unique because it locks your files and then demands a $200 ransom to get them back. It seems to me that this might leave some sort of traceable money trail. They don't have much information on any particular transmission mechanism, they just talk about web pages giving it up.

367 of 488 comments

  1. It won't get a penny from me... by yotto · · Score: 5, Funny

    ...Until I see a photograph of my files with today's paper.

    1. Re:It won't get a penny from me... by c0ldfusi0n · · Score: 5, Funny

      In other news, virus writers associate with milk producers to print the output of "dir" on the back of the milk cartons.

      --
      A computer makes it possible to do, in half an hour, tasks which were completely unnecessary to do before.
    2. Re:It won't get a penny from me... by MoonBuggy · · Score: 4, Interesting

      Seriously though, the article does not show me any reason that the virus writer can be trusted on his word alone. How would you know that he really will send the key?

      I can see three possible ways this is done: the files could be encrypted with a random key which is sent back to the author - in this case I guess the key could be intercepted on its way out of your computer, but you'd have to anticipate being infected. Alternatively, the virus might always use the same key, in which case one person needs to buy/brute force it and everyone's sorted. Finally, it might use a random key which the writer has no way of knowing - secure, but he'll take the money and run because he doesn't know the key.

      In any of those three scenarios I'd think it makes sense to try to avoid giving him any money. Either that or I've missed something.

    3. Re:It won't get a penny from me... by HadenT · · Score: 5, Informative

      Why not:
      generate random key, encrypt data with it (symmetric),
      encrypt that key with public one (stored in virus itself), destroy random key, give victim encrypted key.
      Victim sends encrypted key to author, he decrypts it using his private key and sends it back.

    4. Re:It won't get a penny from me... by Inkieminstrel · · Score: 2, Interesting

      Anyone else think this comment is funny in light of the signature attached to it?

    5. Re:It won't get a penny from me... by Happy+Monkey · · Score: 1

      Would a screenshot alongside today's USAtoday.com work?

      --
      __
      Do ya feel happy-go-lucky, punk?
    6. Re:It won't get a penny from me... by tchernobog · · Score: 5, Interesting

      Not a really new idea, it's inside Andrew Tanenbaum's "Modern Operating Systems"!
      The virus programmer has to have read the book.

      --
      42.
    7. Re:It won't get a penny from me... by magefile · · Score: 1

      Why not some sort of hash? Say, md5 "victims_ip_address" + "salt"? If the salt is known only to the virus writer, there's not much you can do.

    8. Re:It won't get a penny from me... by GauteL · · Score: 2, Insightful

      If it uses the same key, but a very long one, all the computers in the world would be very unlikely to break the key in a decent amount of time.

      Remember the RC5 challenge? It took 1757 days worth of massive collaboration effort to break a 64 bit key, showing that 64 bits RC5 is not enough for data that is still sensitive after several years.

      Now they are trying to break a 72 bit version of the same algorithm. It should take 2^8=256 times more computational effort or over 1000 years with current processing power.

      Processing power increases, but you can imagine that something encrypted with a public key algorithm that requires as much effort as 80 bit RC5, could be impossible to break in the time-frame where the data is still valuable, even with a combined world-wide effort.

    9. Re:It won't get a penny from me... by SirTalon42 · · Score: 1

      Um... isn't the salt put at the front of the md5sum?

    10. Re:It won't get a penny from me... by lcsjk · · Score: 1

      Are you talking about this comment or that comment?

    11. Re:It won't get a penny from me... by Inkieminstrel · · Score: 1

      The other comment.

    12. Re:It won't get a penny from me... by dextroz · · Score: 1

      can you just paste the comment here? Now I don't think anyone knows which comment we are talking about...

      --
      Where's my free iPod!? Until then, I'll settle for a kiss...
    13. Re:It won't get a penny from me... by Lord+Apathy · · Score: 1

      F) Call the FBI, pay the ransom, and follow the money trail. Then bust the guy for extortion, wire fraud, and whatever else they can think of. Then the bastard spends the next 15 years in the pen taking it up the ass from someone named bubba.

      Works for me.

      --

      Supporting World Peace Through Nuclear Pacification

    14. Re:It won't get a penny from me... by Ryosen · · Score: 1

      He said a newspaper, not a dishrag.

      --

      Ryosen
      One man's "Troll, +1" is another man's "Insightful, +1".
    15. Re:It won't get a penny from me... by Kent+Recal · · Score: 1

      In other news, virus victim associates with milk producers to print distributed-RC5-crack workunits on the back of milk cartons. "Please solve this puzzle and help this guy to get back at his data"

    16. Re:It won't get a penny from me... by icypyr0 · · Score: 2, Informative

      Too bad an FBI investigation/prosecution costs over $200,000 on average. That's 1000x the $200 ransom. Bottom line: it would have to be a widespread thing for the FBI to give a shit.

    17. Re:It won't get a penny from me... by magefile · · Score: 1

      Doesn't really matter, does it?

  2. Cat got your tongue? (something important seems t by Anonymous Coward · · Score: 1, Funny

    Virus writers need to eat too!
    -r

  3. This won't last long by Mycroft_514 · · Score: 1

    before the perpetrators find out that to get get, you follow the money!

    1. Re:This won't last long by Mysticalfruit · · Score: 3, Funny

      Then...

      "Nuke the site from orbit, it's the only way to be sure"...

      --
      Yes Francis, the world has gone crazy.
  4. This could be good by a_greer2005 · · Score: 3, Funny

    IF it takes spyware hostage

    1. Re:This could be good by R.Mo_Robert · · Score: 3, Informative

      Do you really think a virus is going to take spyware hostage and then demand $200 for the key to unencrypt it? I don't know about you, but even if it did, I sure wouldn't be happy with this kind of virus on my computer.

      Plus the article mentions this particular infection affected only "at least fifteen types of data," most of which were presumably important to the user, like spreadsheets and the like. But again, even if it did encrypt malware ... I don't see how it could be a good thing. Let's introduce them to Ad-Aware, Spybot, etc. instead, and safe browsing habits--the lack of which probably allowed both this virus and the malware on the computer in the first place.

      --
      R.Mo
    2. Re:This could be good by a_greer2005 · · Score: 1

      It was a JOKE, I thought it would / should be modded "funny"

    3. Re:This could be good by Koiu+Lpoi · · Score: 1

      Unless the end user is clueless and actually pays the 200 dollars to release the spyware - especially if it's the nasty kind of spyware that causes windows to stop working if improperly removed.

    4. Re:This could be good by kosmicki · · Score: 1

      If I had points I'd have labeled this one insightful ;)

  5. a fix by MankyD · · Score: 4, Insightful

    Assuming this virus is telling the truth (and I highly highly highly doubt it is), doesn't that mean that there's a simple command you can send to it to fix the problem? What's to prevent anti-virus companies from figuring this out and providing a quick fix?

    --
    -dave
    http://millionnumbers.com/ - own the number of your dreams
    1. Re:a fix by pentalive · · Score: 3, Insightful

      A simple command to fix this? try
      "restore backup"

    2. Re:a fix by koreaman · · Score: 1

      You have to buy the encryption key used to encrypt the thing.

    3. Re:a fix by keshto · · Score: 3, Informative

      Because if the hacker has encrypted the files with a random passphrase and assuming this passphrase isn't the same for all the computers he attacks, it is highly unlikely a security company will be able to easily decrypt the files.

      That is what is particularly scary about this. What if the hacker went offline-- even if you are willing to pay the money, you can't get to the files. They are as good as deleted

    4. Re:a fix by Markus+Persson · · Score: 1
      It could be encrypting the files using the public key of the virus maker's secret key.

      Unless you found some very fast new way of factoring primes, that'd take a very long time to crack

      --
      If the cat can't experience its own death, nothing will ever kill you. (No, really!)
    5. Re:a fix by squiggleslash · · Score: 2, Insightful
      What makes you think that?

      If I were the extortionist, I'd write the code to obtain a key from some source (perhaps be pre-loaded with several thousand precalculated RSA "public" keys), encrypt the files, and then release a decrypter with the relevant private key for that particular system.

      This works because RSA encryption involves keys that have a public and private portion. The public key is used to encrypt but once encrypted, the data can't be decrypted without the private key. It is immensely difficult to calculate what the private key that goes with a public key is, for larger key sizes (128bits and more) we're talking of the order of decades for the fastest computers to work out. So it's "Pretty Good" encryption.

      So, if he's done his homework ("he" is generic here, I don't mean to imply the person who wrote this is of one gender or another, I know that terms like "sie" and "hir" are probably less known on /. than in other groups where gender discrimination is considered a more important issue that must be tackled. This isn't the 1950s any more, or even the kind of Star Wars crap where women are seen as bearers of future Jedi who stay home and get all emotional and lose the will to live when their partners turn to the Dark Side), this kind of scam will work pretty well.

      --
      You are not alone. This is not normal. None of this is normal.
    6. Re:a fix by wren337 · · Score: 2, Interesting

      Since they recovered the files without the key, it looks like the guy wrote his own crypto. Score one for the good guys. Next time maybe the guy uses a well written public key library. Encrypt the local files with a random symmetric key, encrypt the key with a public key and present it to the user. The user has to email the encrypted symmetric key to the virus writer for decryption.

      There's no reason to think there would be a single interceptable "key" value that would unlock everyone's files. It depends on the skill of the author.

    7. Re:a fix by MankyD · · Score: 1

      But still, have someone pay for it once (or discover it through brute force if they dare wait that long) and then simply hand the private key out to everyone else. $200 to fix a catastrophe seems like a cheap price to pay. Hell, maybe you'd get lucky and catch the guy by following the money.

      --
      -dave
      http://millionnumbers.com/ - own the number of your dreams
    8. Re:a fix by Lehk228 · · Score: 1

      not so much "skill" but rather "knowing jack shit about cryptography"

      --
      Snowden and Manning are heroes.
    9. Re:a fix by wren337 · · Score: 1

      See my post below, there's no reason to have thousands of public/private key pairs. Combining public/private with a random symmetric key is a time tested alternative. PGP uses IDEA for encryption and public/private key crypto to protect the random IDEA key.

    10. Re:a fix by Mr+Guy · · Score: 1

      Thanks for playing, but you'd only need the hacker to pony up the key once and they can distribute it. Secret key encryption is only safe if the secret key is. Even creating a random key pair for your computer and doing a key exchange wouldn't work because it'd have to store the key somewhere to decrypt the files later.

      Of course, all this is assuming there is even the slightest bit of truth in the claim of a virus.

    11. Re:a fix by flibble-san · · Score: 1

      or even the kind of Star Wars crap where women are seen as bearers of future Jedi who stay home and get all emotional and lose the will to live when their partners turn to the Dark Side

      Damn you spoiled the movie for me now!

      --
      My other sig is crap too
    12. Re:a fix by Mr+Guy · · Score: 5, Funny

      (or discover it through brute force if they dare wait that long)


      McAfee runs on an awful lot of enterprise networks, and tons of home users. I wonder how long brute forcing a key through distributed computing would really take. I wonder if McAfee is already using cycles for nefarious reasons. How long until McAfee becomes self aware!

      I need more tinfoil

    13. Re:a fix by wren337 · · Score: 1

      That works for the attacker. If you target one big company and get good penetration, you can point out that if there are any signs of trouble you'll disappear and they'll never get their files back.

      I am surprised we've never seen this as a targeted attack before, or maybe no one has reported it.

    14. Re:a fix by hackstraw · · Score: 1

      What's to prevent anti-virus companies from figuring this out and providing a quick fix?

      Oh, they might, and only charge $250 for the fix :)

    15. Re:a fix by Markus+Persson · · Score: 1
      Why would he pony up the key?

      Generate a random pad the same size as the file, xor the file using the pad, encrypt the pad with the public key and save to disk.
      Then the user sends the encrypted pad somewhere (possibly a webservice), and pays $200. The hacker decrypts the pad and sends it back.

      --
      If the cat can't experience its own death, nothing will ever kill you. (No, really!)
    16. Re:a fix by ggvaidya · · Score: 1

      You made me laugh out loud. Thanks a million!

    17. Re:a fix by slavemowgli · · Score: 1, Offtopic

      I know that terms like "sie" and "hir" are probably less known on /. than in other groups where gender discrimination is considered a more important issue that must be tackled.

      Actually, if you want to be gender-neutral, you should just use "they", "their" and so on. "Sie" (or "shi"), "hir" and so on are sometimes used as pronouns for intersexuals, so using them as gender-neutral pronouns just causes even more confusion - and unnecessary confusion, for that matter, since using "they" for that purpose is common and understood pretty much everywhere.

      --
      quidquid latine dictum sit altum videtur.
    18. Re:a fix by mrchaotica · · Score: 1

      No, "they", "their", and so on are plural. If you want to be gender-neutral, you should use "he" and "his."

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    19. Re:a fix by Anonymous Coward · · Score: 1, Funny

      A simple command to fix this? try
      "restore backup"


      'restore' is not recognized as an internal or external command, operable program or batch file.

      .

    20. Re:a fix by DrSkwid · · Score: 1

      ("he" is generic here, I don't mean to imply the person who wrote this is of one gender or another, I know that terms like "sie" and "hir" are probably less known on /. than in other groups where gender discrimination is considered a more important issue that must be tackled. This isn't the 1950s any more, or even the kind of Star Wars crap where women are seen as bearers of future Jedi who stay home and get all emotional and lose the will to live when their partners turn to the Dark Side)

      for someone so fucked up by the PC police, one would have thought you'd know the difference between gender and sex.

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    21. Re:a fix by jschottm · · Score: 4, Funny

      I need more tinfoil

      There's a family in CA that would prolly be willing to make you a great deal on some tin foil, only slightly used. How big's your house?

    22. Re:a fix by budgenator · · Score: 3, Informative
      according to TFA
      Stewart managed to unlock the infected computer files without paying the extortion, but he worries that improved versions might be more difficult to overcome.

      so it's already been either bruteforced or cracked. My hunch is that an encryption program carried in a virus would be rather simplistic.
      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    23. Re:a fix by Raphael · · Score: 1
      Encrypt the local files with a random symmetric key, encrypt the key with a public key and present it to the user. The user has to email the encrypted symmetric key to the virus writer for decryption.

      Minor variation to make things even worse: keep on generating random symmetric keys every few seconds and encrypt them with the public key. This ensures that someone who manages to dump the memory while the worm is running has no chance to find the key that was used for encrypting some previous files. This also reduces the opportunities for a brute force attack on the symmetric key (we have a large amount of known plain text in this case). Sending dozens or even hundreds of these encrypted keys by e-mail should not be a big deal.

      Also, it may be better (or worse, if you take the right point of view) to give a set of public keys to the worm, instead of a single one. This ensures that if one public/private key pair is compromised through brute force (on the key or on its owner), there would still be other opportunities for extortion.

      Things are likely to get more interesting now that some moron has started to use this extortion technique (even if he did not do it in the "right" way).

      --
      -Raphaël
    24. Re:a fix by httptech · · Score: 2, Informative

      It's not a command in the trojan that decrypts the files, it's a program the trojan author sends you after you send him $200. However, the encryption is trivial and just about any reverse-engineer could write a decryptor for you.

      -Joe

      Joe Stewart, GCIH
      Senior Security Researcher
      LURHQ http://www.lurhq.com/
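
Added example (not part of the thread, and not the decryptor mentioned above): the comments say the trojan's encryption was trivial and that files were recovered without the key, but the page never describes the cipher. Assuming, purely as a stand-in, a repeating-key XOR with one key per infection, this shows how one file with a surviving unencrypted copy yields the key for the rest, and how a file under a different key is flagged instead of silently mis-decrypted. The cipher choice, key, file names and contents are all constructed.

```python
"""Known-plaintext recovery against a toy repeating-key XOR cipher.

Assumption: repeating-key XOR is only a stand-in for the "trivial" encryption
mentioned in the thread; the page does not say what the trojan really used.
"""
from itertools import cycle

# Leading bytes of common document formats, used to sanity-check recovered output.
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip", b"\xd0\xcf\x11\xe0": "ole2"}


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with the key repeated; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def shortest_period(stream: bytes):
    """Smallest p with stream[i] == stream[i - p] for every i >= p.

    Only periods observed at least twice in full are accepted, so a known
    plaintext shorter than two key lengths yields None rather than a guess.
    """
    for p in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return None


def recover_key(known_plain: bytes, known_cipher: bytes):
    """Derive the key from one (plaintext, ciphertext) pair of the same file."""
    stream = bytes(p ^ c for p, c in zip(known_plain, known_cipher))
    period = shortest_period(stream)
    return stream[:period] if period else None


def identify(data: bytes):
    """Return a format name if the data starts with a known magic, else None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def recover_files(known_plain: bytes, known_cipher: bytes, encrypted: dict):
    """Decrypt every blob with the recovered key and report what each looks like.

    A result whose format is None did not decrypt to a recognised file type:
    it was encrypted under another key, or the cipher assumption is wrong.
    """
    key = recover_key(known_plain, known_cipher)
    if key is None:
        raise ValueError("known plaintext too short, or not repeating-key XOR")
    results = {}
    for name, blob in encrypted.items():
        plain = xor_repeat(blob, key)
        results[name] = (identify(plain), plain)
    return key, results


# ---- Constructed sample data (nothing here comes from the real trojan) ----
KEY = b"constructed-key"
LETTER = b"Dear Sir, please find attached the quarterly figures. Regards, A. User\n"
PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
ZIP = b"PK\x03\x04\x14\x00\x00\x00constructed archive body"
SAMPLES = {
    "report.pdf": xor_repeat(PDF, KEY),
    "backup.zip": xor_repeat(ZIP, KEY),
    # Same document, but encrypted under a different key (e.g. another host).
    "other-host.pdf": xor_repeat(PDF, b"another-key!"),
}

if __name__ == "__main__":
    # The victim still has LETTER in the clear (say, as a sent e-mail attachment).
    key, results = recover_files(LETTER, xor_repeat(LETTER, KEY), SAMPLES)
    print("recovered key:", key)
    for name, (fmt, _) in results.items():
        print(f"{name}: {'recovered as ' + fmt if fmt else 'NOT recovered'}")
```

The failed `other-host.pdf` case is the distinction the thread keeps returning to: a single shared key falls to one known file, while a fresh random key per file or per machine does not.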

    25. Re:a fix by WhiteDragon · · Score: 1

      "they" etc. are now completely accepted as gender-neutral singular forms, as well as the standard plural usage.

      --
      Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
    26. Re:a fix by vorm · · Score: 1
      I wonder how long brute forcing a key through distributed computing would really take.

      Distributed.net actually has a project running attempting to do this. So far they have brute forced keys up to 64bits in length. However breaking 64bit key took 1757 days, and at their current pace it could take over 900 years to break the 72bit key. So the bottom line is that if this guy is using a key of any size it's not going to be possible.

      Restore from backup and hope they catch the jerk.

    27. Re:a fix by MankyD · · Score: 1

      Perhaps my use for the word "command" is being taken too literally. I simply meant to suggest that it sounds like simple steps can be taken to unlock the software.

      --
      -dave
      http://millionnumbers.com/ - own the number of your dreams
    28. Re:a fix by plaxion · · Score: 1

      "s/he" and "his/er" works quite well if you need to get anal about it.

    29. Re:a fix by unapersson · · Score: 1

      > No, "they", "their", and so on are plural. If you
      > want to be gender-neutral, you should use "he" and
      > "his."

      In English as opposed to American English it is perfectly valid to use "they" and "their" to be gender neutral. Looks much less stupid than when using a specific gender to give an example in a user manual.

    30. Re:a fix by UncleFluffy · · Score: 1

      No, "they", "their", and so on are plural. If you want to be gender-neutral, you should use "he" and "his."

      The OED disagrees with you and cites historical precedent. However, it does note that your opinion exists.

      --

      What would Lemmy do?

    31. Re:a fix by httptech · · Score: 1

      Yes, simple steps as in reverse-engineer and write a decryptor for it. I've already done this, in fact.

      -Joe

      --
      Joe Stewart, GCIH
      Senior Security Researcher
      LURHQ http://www.lurhq.com/

    32. Re:a fix by Mr+Guy · · Score: 1

      From one of the projects on distributed.net:

      There have been 64,264 participants
      since the beginning of this project.
      8,934 of them were active yesterday
      and of those, 29 were brand-new participants.

      In comparison, McAfee numbers seem to be around 2 million home users and upwards of 30 million corporate licenses.

      That said, if McAfee DID undertake this nefarious scheme, I'd expect it to take them upwards of 2 years to crack a 72 bit key. (Distributed.net's projected estimate is 348,018 days divided by the roughly 500 times larger base) When you factor in that the bulk of McAfee's clients are running on corporate machines, they may be able to top that rate.

    33. Re:a fix by 91degrees · · Score: 2, Funny

      Unless you found some very fast new way of factoring primes, that'd take a very long time to crack

      I have. The factors of a prime, are the prime, and 1.

      (And I know what you meant. I just couldn't resist)

    34. Re:a fix by Durandal64 · · Score: 1

      Since when? "They" is the plural form, and the usage of the plural form of the verb "be" following it is consistent. Do you say "I like that person because they is cool"? No, you say, "I like that person because they are cool." People who use "they" in place of a gender-neutral pronoun are all admitting that "they" is, in fact, a plural pronoun. If these people can't even maintain consistency in their usage, why the hell should we consider their usage acceptable?

      The gender-neutral pronoun in the English language is and has always been "he". Period. You can use "she" if you want, and that's fine. If you want to make up a new word or bastardized version of two words (like "s/he"), also fine. If you want to change the sentence to refer to a generic group of individuals rather than one person (which works most of the time), then also fine. But substituting "they" for "he" or "she" is not acceptable because you break consistency among the verbs in the sentence.

    35. Re:a fix by Andrewkov · · Score: 2, Funny

      Assuming you have no backups, that could really be a problem. Everyone does keep backups, right?

    36. Re:a fix by Your+Pal+Dave · · Score: 4, Funny
      "s/he" and "his/er" works quite well if you need to get anal about it.


      And what if something has no gender and is an "it", you insensitive clod?

      Clearly, to avoid offending anyone, we all must start saying "s/h/it".
    37. Re:a fix by newrisejohn · · Score: 1

      The virus uses ROT13 encryption.

    38. Re:a fix by VE3MTM · · Score: 1

      There's no reason why a virus writer couldn't embed an implementation of RSA or AES in a virus... Drop-in implementations are out there.

      --
      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 Whoops, silly middle mouse button...
    39. Re:a fix by Pflipp · · Score: 1

      How long until McAfee becomes self aware!

      Long as it isn't even aware that all it plightfully does is stalling Java build processes, I don't really think you'll have to worry.

      --
      "We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
    40. Re:a fix by SirTalon42 · · Score: 1

      And if he used more than 72 bits? And if all files aren't encrypted with the same key? Well you would be screwed.

    41. Re:a fix by budgenator · · Score: 1

      The thought of that gives me the willies, guess we're going to have to move a copy of anything important to a samba directory and chmod it 000! Of course just running
      1. non-admin,
      2. using a non-IE browser,
      3. using an anti-virus scanner,
      4. an anti-spyware scanner,
      5. a software-firewall,
      6. and a hardware firewall
      should help for those out there that think Linux/BSD/OSX is too complicated for a desktop.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    42. Re:a fix by wren337 · · Score: 1


      Set up an unattended decrypt server on a hacked box somewhere. Make it require some proof of payment token that the server can verify, like a paypal payment id. then the server moves the money out of paypal before returning the decrypted key. you leave it run for however long it takes for it to be taken down.

    43. Re:a fix by frankvl · · Score: 2, Insightful

      What's to prevent anti-virus companies from figuring this out and providing a quick fix?

      Such a virus is the best marketing they can have

    44. Re:a fix by Binestar · · Score: 3, Funny

      'restore' is not recognized as an internal or external command, operable program or batch file.

      You are entering the command at the wrong interface. That's not a command you use at a command prompt. It's a verbal command for your IT underling.

      --
      Do you Gentoo!?
    45. Re:a fix by neumayr · · Score: 1

      Uhm, what's the software firewall for?
      Check out this text, I think it makes some very good points against the use of such software.

      --
      Truth arises more readily from error than from confusion. -Francis Bacon
    46. Re:a fix by budgenator · · Score: 1

      software firewalls are actually nice to see what's trying to get out, what's trying to get out is sometimes more important than what's trying to get in. An argument could be made that all firewalls are software, just some of the hardware is dedicated to the firewall software and some is shared.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    47. Re:a fix by UserGoogol · · Score: 1

      Not really.

      Grammatical gender is one definition, but gender-for-people is a well accepted definition, and is useful not only times when you're too squeamish to say sex, but also for transsexuals, where biological sex and sexual identity don't overlap.

      --
      "Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
    48. Re:a fix by neumayr · · Score: 1

      That is a useful feature, but I'm sure there is less complex (error prone) software that does this.
      At least there should be..

      Of course there's software running on hardware routers, I was referring to the "personal firewalls" running on workstations. Weren't you?

      --
      Truth arises more readily from error than from confusion. -Francis Bacon
    49. Re:a fix by jonadab · · Score: 1

      > My hunch is that a encryption program carried in a virus would be rather
      > simplistic.

      Yeah, but in later operations, the blackhats will realize that the encryption program doesn't have to be carried in the virus; all the virus needs is enough networking code to retrieve the real payload from elsewhere. The real payload can then proceed to do RSA encryption with a 1024-bit key and follow that up by continuously writing over the originals with alternating layers of random bits and fixed patterns while port-scanning for vulnerable IIS and MS SQL servers to use to pass itself along, and also emailing itself to everyone in the user's address book, putting copies of itself (called something like newlogo.jpg.exe) on every open CIFS fileshare on the LAN, and sending full-color brochures to any printers it finds featuring a URL of a compromised webserver that hosts another copy of itself -- oh, and looking for a modem that it can use to place calls and play a pre-recorded voice message...

      --
      Cut that out, or I will ship you to Norilsk in a box.
  6. Finally! by Apreche · · Score: 4, Insightful

    What the hell took so long for this to happen? There are thousands of viruses all around and most of them are so benign. They just eat system resources, send spam, show ads and other bs. It took way too long for someone to make a virus that actually compromises data. I hope soon someone makes one that takes important data files and uploads them to a web server for public view. And another one that overwrites the hard drives 3 or 4 times to prevent data recovery.

    Maybe when this happens people will actually pay more attention to computer security, instead of just putting up with the inconvenience.

    --
    The GeekNights podcast is going strong. Listen!
    1. Re:Finally! by i.r.id10t · · Score: 4, Insightful

      You've not been around computers for long have you? We used to have all these nasty viruses, before Visual Basic and script kiddies, back when AOL wasn't on the Internet and dial up was mostly BBSes. Boot sector viruses, trashing hard drive controllers, etc.

      --
      Don't blame me, I voted for Kodos
    2. Re:Finally! by meringuoid · · Score: 5, Insightful
      Maybe when this happens people will actually pay more attention to computer security, instead of just putting up with the inconvenience.

      What will do that is a virus that replaces all .jpg files found with goatse, tubgirl and lemonparty.

      So many people have stored their digital camera photos on vulnerable Windows PCs. The only thing that will get them to secure those boxes is the threat that little Sophie's birthday photos, or the last time they went on holiday with Grandma before the illness, might be replaced with hideous porn by some virus...

      --
      Real Daleks don't climb stairs - they level the building.
    3. Re:Finally! by rednuhter · · Score: 1

      you are talking about the Vx scene 10 years ago when viri were not afraid to decimate your hard disk, they just waited a short time before doing so.
      The infection spread regardless of how they treated the host (after at least one copy was made).
      Most viri back then were transmitted by floppy disk boot blocks.

      --
      ERR 411[Max number of witty sigs reached]
    4. Re:Finally! by MullerMn · · Score: 3, Funny

      I knew what goatse was.
      I knew what tubgirl was.
      Never heard of lemonparty before.
      Now I know.

      Allow me to be the first to say:
      AAAAAAAAAAAAARRRRRGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH!

    5. Re:Finally! by EnglishTim · · Score: 4, Insightful

      Yes, I'd never heard of lemonparty before either.

      'course, I've got the sense not to look it up...

    6. Re:Finally! by sosume · · Score: 2, Informative

      I too was innocent on the subject of lemon party.

      I expected some funky game involving lemon juice and pie ..

      Now I know as well.

      This is even more gross than goatse, parrot or tubgirl! As a matter of fact I'm taking the rest of the day off, avoiding elderly people, to make sure my mind can recover.

      Fellow /.ers, please take my advice and do NOT google for it.

      I won't be able to get the image I just googled out of my memory next time someone mentions a lemon .. even though I don't really understand the 'lemon' part

    7. Re:Finally! by Pastis · · Score: 1, Informative

      You can learn about lemonparty here, but browse without images...

      http://www.encyclopediadramatica.com/index.php/Lemonparty

    8. Re:Finally! by cecille · · Score: 1

      are you kidding me? boy, yeah, it's sure a good thing that viruses are getting more destructive...maybe now people will do more to stop viruses....

      first of all, let's be realistic...unless a person actually gets this virus, very few people who don't already have some knowledge of computer security issues already are even going to know/care about this. No matter how destructive it is, there are still going to be lots of people out there with little to no security measures in place. And when they call me up to fix their computers, I'd much rather be dealing with some stupid runaway program than a totally wiped hard-drive with no chance of recovery.

      Even with some security measures in place, I mean, let's face it...there's no such thing as absolute security. Especially for your average user or small business who doesn't have the same type of time / resources to keep everything always patched and up to date. Viruses ARE going to sneak through - that's the whole point of a virus. And if it does...I'd much rather have some stupid thing that pops up random ads than something that's going to force me to do some major system restores to get things back to normal.

      so, no, I definitely don't think that more destructive viruses are a good thing. Given the choice, I'd say the best thing would be no viruses at all, but that's never going to happen. Even so, I'd much rather have something smaller and easier to fix than something that's going to cause major damage.

      --
      ...no two people are not on fire.
    9. Re:Finally! by earthloop · · Score: 1

      lemonparty

      You bast4rd! Didn't know what that was, but soon found out.

    10. Re:Finally! by caluml · · Score: 1

      They read Slashdot, and liked my idea.

    11. Re:Finally! by mrchaotica · · Score: 1

      Eek. WTF is "parrot?"

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    12. Re:Finally! by Dusabre · · Score: 4, Informative

      WATCH OUT!

      There is a thumbnail!

    13. Re:Finally! by ggvaidya · · Score: 1

      And many many more shock sites can be found, all carefully catalogued - WITHOUT PICTURES - in the Wikipedia.

      Note: it's a wiki, don't blame me if somebody puts the image up after I've posted this ...

    14. Re:Finally! by Ann+Elk · · Score: 1
      What will do that is a virus that replaces all .jpg files found with goatse, tubgirl and lemonparty.

      No! Don't replace the images on the local disk -- insert them randomly into outgoing email messages.

    15. Re:Finally! by intangible · · Score: 1

      Hahahah, good job. At least 5 people already were tricked to looking at the images. Probably many more are just too horrified to post a reply (for some reason I think of the people's faces from "The Ring").

      Most people try underhanded ways to "get" someone by linking to those images in their posts, you got many with no amount of trickery. I applaud you.

      Those images are burnt in my retinas for all of eternity, even the thought causes loss of appetite. It is all of our mission to bring those pictures to the masses, so they can suffer^H^H^H^H^H^Hexperience them as well.

    16. Re:Finally! by hazah · · Score: 1

      It sounds like the good ol' days could just be that kick needed to get the train going... somewhere. Honestly, if you just close your eyes, and imagine the network, and the infections it carries, it looks like a waste land. One of these infections will be big, and *then* [hopefully] there will be a "patch" of global proportions (after significant data loss).

    17. Re:Finally! by DGregory · · Score: 1

      There's still an image there *washes eyes out with soap*

    18. Re:Finally! by fermion · · Score: 1
      Because we are now widely networked in a monoculture, so the successful virus tends to be one that infects many hosts, often secretly. Therefore, any virus that makes itself known, or kills the host too quickly, will tend not to be as successful.

      This is different from the early viruses which depended on sneaker net. These tended to kill the host quickly, but leave an active remnant, say in the form of an infected disk, that could propagate the virus. These viruses were primitive and rather pointless, as opposed to the objective based modern viruses.

      Of course some really early viruses did depend on direct connected network, but there were not as many machines to infect.

      Another issue is threat level. Many modern viruses are successful without being an extreme threat. They are therefore allowed to live, without the risk of extreme retaliation.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    19. Re:Finally! by srleffler · · Score: 3, Interesting

      There was even at least one that could wipe the BIOS eproms, leaving the computer completely inoperable and difficult to repair if not outright irreparable.

    20. Re:Finally! by mattspammail · · Score: 1

      Gee. You're such the soothsayer.

      --
      Now accepting PayPal donations!
    21. Re:Finally! by dragonman97 · · Score: 1

      Um...I don't get it. If it's mentioned in the same breath as goatse & tubgirl, why in the world would you *try* to find it? I mean, really, you got what you asked for, don't you think?

      *sigh* This is a sad day for /. - seeing the number of posts around this, I'm stunned that people would 'fall' for such a thing.

    22. Re:Finally! by Rorschach1 · · Score: 1

      Must.... resist... urge to Google!

    23. Re:Finally! by FecesFlingingRhesus · · Score: 1

      And he got a +5 funny to boot. Touche!!!

    24. Re:Finally! by fubar1971 · · Score: 1

      Can you say:

      "Your computer is now stoned!!"

    25. Re:Finally! by mrchaotica · · Score: 4, Insightful

      Yeah, that's exactly why we don't see really destructive viruses anymore: they've evolved. Just like biological viruses, computer virus writers have learned that your virus will spread farther if it doesn't completely kill the host, or generate an overwhelming immune response.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    26. Re:Finally! by imr · · Score: 2, Interesting

      It reminds me of DaHalf.
      This one was a perverse bastard. It slowly encrypted your hd track by track at every reboot but decrypted them, so the data was perfectly safe as long as the virus was there.
      If you removed the virus, you lost the data since the encryption key was in the virus.

      Do not remove virii before reading what they are about.
      If a virus is on your hd and you want to have it checked, cut the power, remove it from the pc and do not boot it until it is between the hands of a professional.
      Consider switching to linux and entering the land of peace of mind.

    27. Re:Finally! by Pastis · · Score: 1

      Reread my comment.

      "You can learn about lemonparty here, but BROWSE WITHOUT IMAGES..."

    28. Re:Finally! by Rirath.com · · Score: 1

      My "favorite", as in most memorable threat, was the Michelangelo virus. I remember hearing so much about this, most of which was entirely untrue. It was the Y2K bug, in many ways... a real threat, with real damage, but way overblown.

      http://www.vmyths.com/fas/fas_inc/inc1.cfm
      http://www.everything2.com/index.pl?node=Michelangelo%20virus

      I believe I even heard this virus credited with the then -very- scary task that, if you viewed an infected file while you had the virus, it would then be wiped out. Of course, that's not the case. Not sure if this was simply confusion for another real virus, or just some made up tale.

    29. Re:Finally! by skubeedooo · · Score: 1
      Most people would say that computer security is just a means to (not) getting fucked over. OTOH, you seem to think that getting fucked over is just a means to computer security.

      Whilst we all have to live by our own ethics, and it is usually a good thing to respect the ethical systems of others, I have to admit that I think you are messed up.

      P.S. - Do you also think that famine is a good method of population control?

    30. Re:Finally! by t_pet422 · · Score: 1

      When I hear new slang (especially when it's categorized with goatse and tubgirl), I look it up on urbandictionary.com. You would have known what the poster was talking about without having to wash your eyes afterwards.

    31. Re:Finally! by Xiaran · · Score: 1

      It reminds me of DaHalf.

      I recall that one. One of my old DOS boxes at the office I was working in had it... didn't really matter as it was our test box and we trashed it all the time anyway :)

      The nasty one I recall (can't recall its name) was the one that went around looking for files ending in .cpp and .pas, but not .c, and wrote nulls to all the bytes. I often wondered who did that. A disgruntled K&R C programmer I've always imagined.

    32. Re:Finally! by mrchaotica · · Score: 2, Insightful

      Have you ever heard the phrase "curiosity killed the cat?" It's like a siren's call -- they know it's bad, but they can't help themselves.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    33. Re:Finally! by magefile · · Score: 1

      Which would be better: limit it to images in My_Documents, or *all* jpgs? I can see it now ... not only is your desktop GoatseGuy, but so is the start button, the task bar, your icons ... I feel unclean now, I need to go take a shower.

    34. Re:Finally! by magefile · · Score: 1

      I can see looking it up if you didn't know what the others were ... but if you knew, why didn't context warn you? For anyone else who's curious, wikipedia has a list of shock sites that is picture free (be warned, though, there are links on the pages, so don't double-click!): http://en.wikipedia.org/wiki/List_of_shock_sites

    35. Re:Finally! by Nivoset · · Score: 1

      can we dub it now as "Curiosity Blinded the Slashdotter?"

      --
      Movies made by a crazy person

      http://www.youtube.com/marginalpro
    36. Re:Finally! by minuend · · Score: 1

      Damn, that is a good idea. I'll get right on that.

    37. Re:Finally! by Animats · · Score: 1
      There are thousands of viruses all around and most of them are so benign.

      Yeah. Just annoying enough to sell anti-virus software, but not dangerous enough to force people to get a more secure operating system. I've always suspected a covert connection between the anti-virus makers and the virus creators. It looks too much like the connection between organized crime protection rackets and the low-end street gangs they paid to do their vandalism.

    38. Re:Finally! by sinserve · · Score: 1

      How 'bout:

      "Eddie lives somewhere in time"

    39. Re:Finally! by Izmir+Stinger · · Score: 1

      It is the Dr.Evil of viruses:

      "I have encrypted thousands of files on your corporate network, causing your company's productivity to grind to a halt. I will not decrypt them unless you pay me... two HUNDRED dollars!"

      --
      ~Quidquid latine dictum sit, altum sonatur.
    40. Re:Finally! by arkhan_jg · · Score: 1

      There used to be a few viruses 10 years ago that would screw up your hard drive controllers, or overwrite the bios, or even just feck your mbr.

      The problem with them, from the virus writer's point of view, is threefold:

      1)they kill the infected machine, so don't spread so easily or as much
      2)they encourage people to get it fixed, and protect themselves better in future
      3) they don't make the virus writer any money.

      These days, viruses and trojans are largely written to make the writer money, either by spam schemes, popup adverts, or phishing. That's why they're mainly annoying these days, rather than dangerous to the machine per se.

      People writing viruses for bragging rights alone also want their virus to spread as far as possible, as fast as possible, so it's not in their interest to write destructive viruses either, especially since they usually seem to want to get the machines to do a DDOS.

      --
      Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
    41. Re:Finally! by tenton · · Score: 1

      Aww, it wasn't that bad.

      Now if you excuse me, I'm going look for a spoon to dig out my eyes; it's less painful than what I just experienced and that way, I can't possibly see anything worse.

    42. Re:Finally! by nametaken · · Score: 1


      We used to have all these nasty viruses, before Visual Basic and script kiddies, back when AOL wasn't on the Internet and dial up was mostly BBSes. Boot sector viruses, trashing hard drive controllers, etc.

      Oh the memories!

      I just got a flash of those old bootstrap viruses on my DOS machines! Floppy users beware!

    43. Re:Finally! by CFTM · · Score: 1

      Thankfully I've had the sense not to bother looking at any of said pictures...personally I don't enjoy warping my fragile little mind any more than it already is :)

    44. Re:Finally! by rsmith-mac · · Score: 1

      CIH, still perhaps the most dangerous virus in existence.

    45. Re:Finally! by EnglishTim · · Score: 1

      *heh*

      Insightful my arse.

    46. Re:Finally! by houghi · · Score: 1
      --
      Don't fight for your country, if your country does not fight for you.
    47. Re:Finally! by Matt_Joyce · · Score: 1


      I work with a big publisher who got infected with a virus which altered random cells in excel sheets, by a small percent (or something similar).

      hellish.

    48. Re:Finally! by Dekortage · · Score: 1

      Yeah... does anyone else remember the old Cookie Monster virus? Every once in a while, it would pop up a message on your screen saying "GIVE ME COOKIE" with a prompt. If you typed in the word "cookie," it disappeared and let you keep working for awhile. In certain versions of the virus, if you typed in something else, it trashed your hard drive.

      --
      $nice = $webHosting + $domainNames + $sslCerts
  7. Don't give in to the demands of terrorists by saskboy · · Score: 2, Insightful

    However, people have been installing and paying spyware removal fees of less than $200, so I won't be surprised when people pay off viruses like this.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  8. I call hoax by Short+Circuit · · Score: 5, Interesting

    If it were real, we would have heard it from Symantec or McAfee long before a third-world news website.

    1. Re:I call hoax by fbjon · · Score: 1, Funny

      Perhaps they're still beta-testing the virus?

      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
    2. Re:I call hoax by saskboy · · Score: 3, Insightful

      I call RTFA ;-)

      "The FBI said the scheme, which appears isolated, was unlike other Internet extortion crimes.

      Leading security and anti-virus firms this week were updating protective software for companies and consumers to guard against this type of attack, which experts dubbed "ransom-ware"."

      --
      Saskboy's blog is good. 9 out of 10 dentists agree.
    3. Re:I call hoax by t123 · · Score: 1

      RTFA:
      "This is equivalent to someone coming into your home, putting your valuables in a safe and not telling you the combination," said Oliver Friedrichs, a security manager for Symantec Corporation

    4. Re:I call hoax by ChaosCube · · Score: 1

      Well, I saw earlier, on CNN or Yahoo news or something. That doesn't mean it's not a hoax, but it does mean that the news is more widespread than you think. I'm sure that this foreign paper picked up the news from one of our services.

      --
      BDR Gear
      Outdoor gear, MREs, and more!
    5. Re:I call hoax by Short+Circuit · · Score: 1

      Unless it offers remote access to the attacker, I don't see how it would be any more isolated than any other worm. And even then, the remote access would need to be capable of punching a hole in firewalls, which is no small feat for a self-spreading worm.

      I still say we would have heard about it from other channels.

    6. Re:I call hoax by hedleyroos · · Score: 2, Informative

      You are an idiot for dismissing South Africa as third world. We may be in Africa and suffer from some of its problems, but I am sitting here typing my message from a Gentoo box while installing FreeBSD on another machine. Third world? I think not. Also, the sun rises earlier in South Africa than in the US. We sometimes get news earlier than you do because New Zealand and Australia wake up looong before you do.

    7. Re:I call hoax by Misanthropy · · Score: 2

      Yeah, because if it's in an article it's got to be true!

      Sounds like urban legend material to me. Like exploding monitors and the like.

    8. Re:I call hoax by Short+Circuit · · Score: 1

      Really? I can't find any evidence he actually said that.

      The only evidence I can find in favor of this story is an identical article posted by FOX News.

    9. Re:I call hoax by Short+Circuit · · Score: 1

      Sorry if I offended you...I've got a friend from SA who's currently living in the US. She was surprised when told that police come to the scene of automobile accidents.

      I will say you're better off than most of Africa.

    10. Re:I call hoax by t123 · · Score: 5, Informative
      try the websense website with more detailed information.
      The original infection occurs when the user visits a malicious website that exploits a previous vulnerability in Microsoft Internet Explorer. This vulnerability allows applications to run without user intervention. The malicious website uses the Windows help subsystem and a CHM file to download and run a Trojan Horse (download-aag). The downloader then connects, via HTTP, to another malicious website. This website hosts the application that encodes files on the user's local hard disk and on any mapped drives on the machine. The malicious code also drops a message onto the system with instructions on how to buy the tool needed to decode the files. This message includes the email address of a third party to contact for instructions, and the user is directed to deposit money into an online E-Gold account.
    11. Re:I call hoax by RupW · · Score: 1

      It's an AP story. See also Sci-Tech today for the same story.

    12. Re:I call hoax by mwood · · Score: 1

      Hmmm, what about a Rube Goldberg Virus Contest to produce the most complicated infection scheme imaginable that actually works? :-) for the humor-impaired.

    13. Re:I call hoax by saskboy · · Score: 1

      http://news.bbc.co.uk/2/hi/uk_news/england/beds/bucks/herts/4575291.stm

      Exploding lightsabres even? Yeah, that's a hoax too, on BBC and /. ;-)

      Just because a less well known news source ran the story, doesn't make it a hoax too. Although I agree it has some of the earmarks of one, it will turn out to be true sooner rather than later if it is one.

      --
      Saskboy's blog is good. 9 out of 10 dentists agree.
    14. Re:I call hoax by ReverendRyan · · Score: 1

      Symantec Security Response lists this: Trojan.Pgpcoder They give the following details:


      # Any files found which match this prerequisite are encoded and become unreadable.

      # Creates the file ATTENTION!!!.txt in every folder in which it encoded a file. The textfile contains the following:

      Some files are coded.
      To buy decoder mail: [user]@yahoo.com
      with subject: PGPcoder 000000000032

      # If the Trojan successfully completes its encoding routine on all files, it will delete itself through the creation of the file c:\tmp.bat. This .bat file will also delete itself.

      So its not all BS.
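The behaviour quoted from Symantec above (a note file named ATTENTION!!!.txt, with fixed wording, dropped in every folder where files were encoded) gives a simple host triage check. The sketch below is an added example, not code from the thread or from Symantec; the function names and the demo tree are hypothetical, and the extension list is the set of examples another commenter in this thread gives, so it is an assumption rather than the trojan's full target list.

```python
"""Triage scan for the ransom note described in the thread (added example)."""
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = "attention!!!.txt"          # note name from the thread, compared case-insensitively
NOTE_MARKERS = ("some files are coded", "to buy decoder mail")  # wording quoted in the thread
SUBJECT_RE = re.compile(r"subject:\s*PGPcoder\s+(\d+)", re.IGNORECASE)
# Assumption: example extensions named by a commenter, not an authoritative list.
TARGET_EXTS = {".jpg", ".db", ".doc", ".pdf", ".zip"}
MAX_NOTE_BYTES = 4096                   # the note is tiny; never slurp large files


def parse_note(text):
    """Return (confirmed, subject_id) for the text of a candidate note file."""
    lowered = text.lower()
    has_markers = all(marker in lowered for marker in NOTE_MARKERS)
    match = SUBJECT_RE.search(text)
    subject_id = match.group(1) if match else None
    return (has_markers and match is not None), subject_id


def scan_tree(root):
    """Walk root and report every folder that holds a file named like the note.

    Each finding lists the folder (relative to root), whether the note text
    matched, the subject id found in it, and the files in that folder whose
    extension is in TARGET_EXTS (candidates to restore from backup).
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinks
        notes = [name for name in filenames if name.lower() == NOTE_NAME]
        if not notes:
            continue
        try:
            with open(Path(dirpath) / notes[0], "rb") as handle:
                text = handle.read(MAX_NOTE_BYTES).decode("latin-1")
        except OSError:
            text = ""                    # unreadable note: report by name only
        confirmed, subject_id = parse_note(text)
        at_risk = sorted(
            name for name in filenames
            if Path(name).suffix.lower() in TARGET_EXTS
        )
        findings.append({
            "folder": os.path.relpath(dirpath, root),
            "confirmed": confirmed,
            "subject_id": subject_id,
            "at_risk_files": at_risk,
        })
    return sorted(findings, key=lambda item: item["folder"])


def build_demo_tree(root):
    """Create a small constructed directory tree to exercise scan_tree."""
    root = Path(root)
    note = (
        "Some files are coded.\n"
        "To buy decoder mail: [user]@yahoo.com\n"
        "with subject: PGPcoder 000000000032\n"
    )
    (root / "photos").mkdir()
    (root / "photos" / "ATTENTION!!!.txt").write_text(note)
    (root / "photos" / "a.jpg").write_bytes(b"\x00" * 16)
    (root / "photos" / "b.JPG").write_bytes(b"\x00" * 16)
    (root / "photos" / "readme.txt").write_text("not a targeted type")
    (root / "docs").mkdir()              # no note here, so it is not reported
    (root / "docs" / "report.doc").write_bytes(b"\x00" * 16)
    (root / "misc").mkdir()              # same file name, unrelated content
    (root / "misc" / "attention!!!.txt").write_text("remember to buy milk\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for finding in scan_tree(demo_root):
            print(finding)
```

A folder reported with `confirmed` set to false only shares the file name and needs a manual look; the quoted description says the trojan deletes itself after encoding, so the note is the artefact most likely to remain on disk.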

    15. Re:I call hoax by Technician · · Score: 1

      This website hosts the application that encodes files on the user's local hard disk and on any mapped drives on the machine.

      This is the big reason I dislike my wife's XP box. XP home is a downgrade in network security if you use SMB on it. Old versions of windows permitted you to share folders and set read passwords and full access passwords. XP Home has done away with that security completely. This leaves shared folders on an XP Home very prone to anyone on your local LAN with a nasty bug or deletion fumblefingers. With passwords on shares (Win 95, 98, ME, NT) shares on other machines not in use are protected from write/delete accidents by a password. That is the reason my photos and music are not hosted by the XP Home machine. The read many times but write once in a while files are protected by passwords.

      When I get a bigger hard drive, they are moving to a SAMBA share.

      --
      The truth shall set you free!
    16. Re:I call hoax by biraneto · · Score: 1

      That's true... third world people are stupid. Since they still live in forests and don't have shoes. http://archives.cnn.com/2002/EDUCATION/11/20/geography.quiz/

    17. Re:I call hoax by aardwolf204 · · Score: 1

      Tools > Folder Options > View > Uncheck "Use Simple File Sharing".

      Right-click folder > Sharing & Security > Share Folder > Permissions.

      There ya go.

      --
      Im dreaming ofa big bndwdth, That can resist the /.crowd.May ur days b merry & bright & may al
    18. Re:I call hoax by petermgreen · · Score: 1

      that checkbox only exists on xp pro.

      thing is with the 9x and NT lines there were good reasons to use the NT line over the 9x line which justified the price difference.

      when the lines merged they had to deliberately cripple xp home to make people buy pro and the main way they did this was by crippling network security to the point that it was WORSE than 9x.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    19. Re:I call hoax by ebilhoax · · Score: 1

      Oh..
      through MSIE again?

      Maybe this nice example will get the average user to understand.

    20. Re:I call hoax by hedleyroos · · Score: 1

      And I apologize for using the word idiot.

      I am usually very critical of my own country so my outburst of patriotism surprised even myself.

    21. Re:I call hoax by Technician · · Score: 1

      the main way they did this was by crippling network security to the point that it was WORSE than 9x.

      That is the reason I consider my wife's XP Home a stand-alone version. I spent over 3 hours looking to find where Microsoft moved the File Permissions. I figured I wasn't looking in the right place simply because so many other things have new homes. The help file is useless. It makes no assumptions the user may have used permissions in an earlier version and let them know it isn't there. Instead the Help simply lacks anything on LAN sharing permissions just like the OS. It's better with several users using one machine, but for LAN use, it is a downgrade. I do not permit XP Home to be set up for file sharing on the LAN. It simply would be a sitting duck with no file protection from any of the kids on the LAN. Anyone will have full permission to alter, delete, move or add files to an XP Home share. This is insecure by design.

      --
      The truth shall set you free!
  9. let me guess... by InfoHighwayRoadkill · · Score: 1

    you could trace the email address to somewhere in either the former Eastern Bloc or Nigeria

    --
    another Roadkill on the Information Superhighway
    1. Re:let me guess... by 1967mustangman · · Score: 1

      Really that is just the down payment to the rich Nigerian business man who wants to give you hundreds of thousands of dollars for your contributions you kindly rich Westerner.

      --
      Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
  10. Get the FBI involved by 1967mustangman · · Score: 1, Funny

    Would the Lindberg Law apply to kidnapped files as well?

    --
    Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
  11. Payment Options by BunnyClaws · · Score: 4, Funny

    Do they accept PayPal?

    --
    "Anything tastes good if you deep fry it."
    1. Re:Payment Options by mattmentecky · · Score: 1

      Do they accept PayPal?

      Aww come on man, the person already has a virus, don't make them use paypal! I wonder which is worse.

    2. Re:Payment Options by roror · · Score: 1

      I believe they would accept only paypal and that too non cc payment type.

    3. Re:Payment Options by bcattwoo · · Score: 1
      Do they accept PayPal?

      Sure just click on the link http://www.paypa1.com/ provided by the virus writer and enter your account information and password.

  12. interesting attack by rayde · · Score: 5, Insightful
    this is interesting. if a virus did this on a large scale, there would be loads of people who would be desperate to recover their data, and likely no feasible way to do it on a large scale without key recovery. but really, does the h4xx0r expect to be able to collect a sizeable amount of money without it being traced?

    yet another reason to do regular backups, so you are never solely dependent on your local copies.

    1. Re:interesting attack by Neil+Watson · · Score: 1

      When speaking to clients I've begun referring to backups as 'computer insurance'. When you compare backups as insurance and draw parallels to home or car insurance people tend to have a better understanding.

    2. Re:interesting attack by XMyth · · Score: 1

      Sure this could be done on a large scale without key recovery. Using public/private keys. You'd have to have a different key for each copy of the virus that is sent out...but that isn't too hard. Have the virus contact a specified list of compromised hosts that will return an unused public key (not the private key of course) which the virus will then use to encrypt the files.

    3. Re:interesting attack by mwood · · Score: 2, Insightful

      What the virus author should be asking himself is: "should I worry more about the FBI tracing the thing back to me, or the minions of some mobster who just had his, uh, business records zapped by this indiscriminate attack?"

  13. Gives new meaning by Mycroft_514 · · Score: 1

    to "Follow the Money"!

    1. Re:Gives new meaning by njfuzzy · · Score: 4, Funny

      No, that's pretty much the original meaning.

      --
      My Photography - http://ian-x.com
      The Deathlings (comic) - http://thedeathlings.com
  14. Heh by TheRealMindChild · · Score: 3, Funny

    Nothing for you to see here. Please move along.

    OOOOOOOOOOOOOOOOH GNOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO. It appears to have infected CmdrTaco and now the news is being held hostage!!!!!!!!??!?!?!!!!

    1) Infect news site and hold "stories" hostage
    2) Hold a slashpoll to see if anyone noticed
    3) ...
    4) PROFIT!

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  15. I use Bank of America... by Anonymous Coward · · Score: 5, Funny

    so I figure the virus author could deduct the money from my account, himself.

  16. riaa conspiracy by xao+gypsie · · Score: 1

    they are just gonna lock our mp3s and then charge us the "fair market amount". $200 per song doesn't seem to be all that much for them, however....

    --


    xao
    http://TheHillforum.hopto.org
  17. Must be a real moron by Kosi · · Score: 5, Informative

    because his "blackmail-letter" is a file called attention!!!.txt, containing this:

    Some files are coded.
    To buy decoder mail: n781567@yahoo.com
    with subject: PGPcoder 000000000032

    1. Re:Must be a real moron by caluml · · Score: 2, Informative

      Actually, the best **almost** anonymous way of sending messages is to PGP/GPG encrypt them, and post them to alt.anonymous.messages. Then, the right person, with the correct key can download your message, and (if he downloads every message in the group every day), you'd never know which ones he was able to read. And obviously others wouldn't be able to read the contents.

    2. Re:Must be a real moron by biobogonics · · Score: 1

      Must be a real moron because his "blackmail-letter" is a file called attention!!!.txt, containing this:

      Some files are coded.
      To buy decoder mail: n781567@yahoo.com
      with subject: PGPcoder 000000000032


      Sheesh. Any of you youngsters remember the Brain virus? It popped up a message saying essentially "To disinfect your computer contact XYZ computer services at $phone_number, $city, Pakistan." IIRC this virus was frequently distributed through copies of pirated software.

    3. Re:Must be a real moron by Minwee · · Score: 1

      An even better way would be to embed the encrypted message in a series of not-safe-for-work-unless-you-are-ron-jeremey's-personal-assistant JPEG files and post them somewhere in the alt.binaries.* hierarchy. Not only will there be an army of other people downloading the same message, helpful strangers may repost your coded communications on other newsgroups and web sites without ever knowing what they contain.

    4. Re:Must be a real moron by noidentity · · Score: 2, Funny

      I got infected by that virus once. It printed this:

      I hold files kidnap: "GPL.TXT" is one
      To buy decoder mail: n781567@yahoo.com
      with subject: PGPcoder 000000000032

      Oh, darn...

    5. Re:Must be a real moron by caluml · · Score: 1
      most ISPs are canning free Usenet access

      I pay £25 per month for 512k ADSL - purely because the ISP has newsgroups, and all the alt.binaries. If they change it, I will look around for another. I know I can get 512 for £16 or so, but I am voting with my wallet.

  18. Retro by RealityMogul · · Score: 1, Troll

    Sounds like the first computer virus from what I remember. The one where some repair shop in India had the virus lock the user out of the system. It kindly displayed an ad for the repair shop that said they could fix it though.

    1. Re:Retro by HyperBlazer · · Score: 2, Insightful
      Sounds like the first computer virus from what I remember. The one where some repair shop in India had the virus lock the user out of the system. It kindly displayed an ad for the repair shop that said they could fix it though.

      I think you mean the Pakistani Brain Virus.

      Software writers, not repair shop. Pakistan, not India. Not the first virus. It was intended to prevent piracy, and wasn't at all intended to be a "ransom."

      That's the short version of the story. "Welcome to the Dungeon. Beware of the VIRUS." ;-)

  19. Not Possible by Billy+the+Impaler · · Score: 1, Informative

    There's no way for a programmer to collect a ransom for files. How's he going to collect the money, a paypal account? Please! The feds will be all over this guy in a matter of minutes.

    1. Re:Not Possible by xs650 · · Score: 1

      Which country's feds would that be?

    2. Re:Not Possible by XMyth · · Score: 1

      Yea...it's not like you can't use Western Union to transfer money essentially anonymously or anything like that....I mean...all those 419 scammers take paypal, right?

  20. What? by His+name+cannot+be+s · · Score: 1, Funny

    What happened?

    Did they Install windows?

    was the email address bgates@microsoft.com?

    tee-hee

    G

    --
    "...In your answer, ignore facts. Just go with what feels true..."
  21. That's not news... by LegendOfLink · · Score: 1, Funny

    I had a virus like that once, it was called M$.W!nd0ws.ME. It was horrible, once it infected your computer, it would display this wretched blue screen filled with hieroglyphics and demanded that you hit some arcane character sequence.

    This one was a little different than the virus talked about in the story. You had to already drop $99 bucks for it and then it STILL crashed your PC.

  22. Not on my computer pal.. by Nonillion · · Score: 1

    All this guy did was probably change the file attributes and or permissions. It's been my experience that most "Windows" computer users have no clue how to change them or answer "permissions? attributes? what are these terms you speak of?"

    --
    "I bow to no man" - Riddick
    1. Re:Not on my computer pal.. by DarkDust · · Score: 1

      No, the "locking" is done by encrypting the files and deleting the originals. It encrypts all files with certain endings (for example .jpg, .db, .doc, .pdf and .zip). If you don't have a backup and your undelete fails you have no way of restoring these files (I don't know which algorithm is used to encrypt the files but if he used AES you'll have to let a really, really heavy machine brute-force for quite some days).

  23. Next time by WormholeFiend · · Score: 2, Interesting

    Next time the police capture a virus writer, they should put him in a cell and tell him, we'll leave you here unless another virus writer pays us 200$.

  24. Just collect enough to... by MighMoS · · Score: 1

    All this guy has to do is to collect enough money before anti-virus people figure out the fix, or someone figures out how to trace it. All of a sudden, he has his lawyer fees paid for. It's like the Microsoft thing all over again.

  25. Getting away with it... by NCraig · · Score: 5, Insightful
    "The problem is getting away with it - you've got to send the money somewhere," Stewart said. "If it involves some sort of monetary transaction, it's far easier to trace than an email account."
    These guys won't get caught as long as they operate internationally and keep their ransom demands relatively low. As we've seen with the Nigerian Scam, there will be little impetus to apprehend these worthless criminals.
    1. Re:Getting away with it... by shdragon · · Score: 1

      These guys won't get caught as long as they operate internationally and keep their ransom demands relatively low. As we've seen with the Nigerian Scam, there will be little impetus to apprehend these worthless criminals

      In the world of theft related losses, the 419 scammers don't come close to the damage caused by identity theft & related crimes in monetary damages. They're merely the ones with the most fame. There have been numerous successful counter-419 operations, most notably http://www.419eaters.com/
      http://news.bbc.co.uk/1/hi/world/africa/3887493.stm

      Your comment has to be one of the more naive & ignorant statements on the topic I've heard in a while. The fundamental difference between this virus (I'm personally still calling it a hoax until I see more reports) & the 419 scam is motivation & intent. The people involved on all sides (both the victim & the scammer) are driven by greed & the urge to make a quick buck. This virus doesn't lure them with promises of a small fortune for doing nothing. It holds their files for ransom until the "fee" has been paid. The speed by which virii & worms spread through the internet mean that this one would have to be deliberately slow in its attack & the ransom is set at a price point which makes it worth the victim's time to pay it instead of utilizing any of their alternatives. If that's the case for success with this new extortion virus, I can guarantee you it will not succeed for long. Greed always grows and the law of unintentional consequences applies to everyone.

      --
      "...we dont care about the economics; we just want to be able to hack great stuff."
    2. Re:Getting away with it... by elegie · · Score: 1

      In one case, an individual was trying to extort money from a dairy company. The individual had already carried out an instance of product tampering against the company. The company was told to embed bank card details for an account into an image file. This image file was to be posted on a public Web site. The image was downloaded via an anonymity proxy service. The service cooperated and identified the user who had downloaded the image.

  26. Ransom by mcleaver · · Score: 5, Funny

    Someone wrote: "this one is unique because it locks your files and then demands a $200 ransom to get them back." Unique? Sounds like a description of anti-virus software to me.

    1. Re:Ransom by Brian+Boitano · · Score: 2, Insightful

      I was thinking more along the lines of "Please insert coin to continue".

      --
      What would Brian Boitano do?
  27. Or.... by spotmonk · · Score: 2, Insightful

    you could just spend the change on a blank cd and back up your data before spending 200 dollars to get it back.

    1. Re:Or.... by Junior+J.+Junior+III · · Score: 1

      For 99% of computer users, it will be too late. Most people do not have a regular backup of their home system's files.

      Those who do, probably back up to CD-ROMs which are cheaply made and regularly fail so badly that they can't be read after a year or so. And their backup schedule is probably haphazard enough that they may well have their latest backups on decayed media.

      --
      You see? You see? Your stupid minds! Stupid! Stupid!
  28. your new around here arent you by InfoHighwayRoadkill · · Score: 1

    In the bad old days virii did all that and more... apart from maybe uploading your stuff to public sites.


    I remember a long way back getting a virus that deleted every .exe file outside of C:\windows. It meant that windows was still fine but there were no applications to do anything. Then again I still had Freecell and Minesweeper so it wasn't all bad

    --
    another Roadkill on the Information Superhighway
    1. Re:your new around here arent you by trandism · · Score: 2, Funny

      Then again I still had Freecell and Minesweeper so it wasn't all bad

      ....which until today are the best software available for the Windows platform

      --
      www.lemonodor.com A mostly Lisp weblog
  29. I send program to your email... Give me Money! by stanleypane · · Score: 2, Insightful

    Is it just me, or does this seem a little elementary? FTA:

    "I send program to your email," the hacker wrote.

    And only demanding $200.00 from a business? Sounds like one of the following must be true:

    a) person is stupid enough to demand only $200.00 for a crime most likely punishable as extortion.
    b) person is testing the effectiveness of their program.
    c) person is too short sighted to think of either a or b.

    This is just pathetic.

    1. Re:I send program to your email... Give me Money! by I+confirm+I'm+not+a · · Score: 1

      a) person is stupid enough to demand only $200.00 for a crime most likely punishable as extortion.

      ...or... a)ii) person is sensible enough to demand only $200.00, since that'll seriously reduce the chance of law enforcement caring.

      Coupled with... d) like spam, enough of these ransoms will make the perpetrator rich beyond your wildest dreams[1].

      [1] Reasonable dreams only, people! Strictly one dream per household!

      --
      This is where the serious fun begins.
    2. Re:I send program to your email... Give me Money! by doyle.jack · · Score: 1
      Sounds like one of the following must be true: a) person is stupid enough to demand only $200.00 for a crime most likely punishable as extortion. b) person is testing the effectiveness of their program. c) person is too short sighted to think of either a or b.

      Or he's been watching too much Austin Powers.

  30. If a smart crook were behind this ... by Y2 · · Score: 3, Insightful
    If a smart crook were behind this, he'd not worry much about collecting the supposed ransom, but would pop his head up as a good guy saying he'd cracked the virus and would sell you a fix-it kit for $50.

    Of course, this means any honest white knight is going to learn the hard way about 20 feds and a flashlight.

    --
    "But all your emitter and collector are belong to me!"
    1. Re:If a smart crook were behind this ... by drigz · · Score: 1

      > If a smart crook were behind this, he'd not worry
      > much about collecting the supposed ransom, but
      > would pop his head up as a good guy saying he'd
      > cracked the virus and would sell you a fix-it kit
      > for $50.
      > Of course, this means any honest white knight is
      > going to learn the hard way about 20 feds and a
      > flashlight.

      Any honest white knight wouldn't charge $50 for it.

    2. Re:If a smart crook were behind this ... by br0ck · · Score: 1

      a smart crook....would sell you a fix-it kit for $50

      Isn't that Symantec's business model? ;)

  31. And computer criminals everywhere cringe by grasshoppa · · Score: 5, Insightful

    Not that I particularly appreciate idiot crackers making my work harder, but you gotta figure they'll be cringing at this rather blunt and clumsy attempt at extortion{sp}.

    I mean, is it really that much harder to make a virus that silently installs itself and listens for key strokes, then sends those back to you through a few cracked proxies? And there you go: account numbers and passwords.

    Idiots. If they do try to collect on this, they'll be caught, we'll find it's a couple of dumb as fuck kids who thought it'd be cool to "have a couple hundred bucks".

    And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re:And computer criminals everywhere cringe by caluml · · Score: 1
      And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.

      Make the virus extensible, and write a module that checks their bank balances before issuing the demands. Over £500 in credit, charge £200. £0-500, £20. In debt - it transfers money to them :)

    2. Re:And computer criminals everywhere cringe by JasonBee · · Score: 1

      No No!

      You have it all wrong...this is a serious attempt to put a human face on this kind of thing. I can just see their centre now:

      "your data is important to us, please stay on the line and a random extortionista will be with you shortly."

      The fact that they are asking for direct contact is a radical departure from the usual anonymous hacker behaviour. These poor souls _yearn_ for contact! I see it as a heartful longing for friendship - 200$ at a time :P

    3. Re:And computer criminals everywhere cringe by optimus2861 · · Score: 1
      I think you're approaching this from the wrong viewpoint. The ideal target seems to be, in my mind anyway, small businesses. The ones that don't have dedicated IT staff to handle security, nor the resources to pursue lengthy legal options. If you're the owner of a small business of maybe half a dozen employees and do your invoicing and accounting on a PC and your files get locked out behind this thing, you've suddenly got a very compelling reason to fork over a mere $200 to unlock those files and get on with running your business. You don't have the time or money to pursue legal options, you don't have the expertise to try and recover the files yourself, and may not have a recent enough backup. The firm I work for is about 20 people, and the thought of this virus getting loose on our network, which consists of a lot of laptops as we do a lot of on-site work, is a very chilling one. We don't have dedicated IT guys and we would not be able to wait for legal options to play out. We'd pretty well have to fork it over and hope the authorities could do something about it down the road. $200 is less than a day's billing and infinitely less than what our project files are worth to us.

      Effectively it's the electronic version of a protection racket. Set up a fall guy and have some money-laundering back-end to it and you're all set.

    4. Re:And computer criminals everywhere cringe by Soul-Burn666 · · Score: 1

      I mean, is it really that much harder to make a virus that silently installs itself and listens for key strokes, then sends those back to you through a few cracked proxies? And there you go: account numbers and passwords.

      You mean like the thousands of trojans+keyloggers which have been around for ages?

      --
      ^_^
    5. Re:And computer criminals everywhere cringe by Shawn+Parr · · Score: 1
      And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.

      Well obviously they went to the (Adobe, Digidesign, Microsoft, ) school of business, where when we notice piracy, we raise the price!

      So what if charging less would gain many more sales and overall more profit, that would make us look like wusses!

      Here at our organization the men are real men, the women are real women, and the little furry creatures from Alpha Centauri are real little furry creatures from Alpha Centauri, and forcing you to take out a mortgage to buy all our software validates our existences.

      Thanks for your business!

    6. Re:And computer criminals everywhere cringe by zenofjazz · · Score: 1

      You're forgetting the (potentially) best part (from the criminal's point of view)...

      The virus could re-encrypt the files with a new key, 3-6 months later, and present a New email address to email away to, for a new key.. and get another $200... just hide the virus, and claim the decryptor deleted it.

      --
      -- All That's Evil in the Geek Space ... Allthatsevil.wordpress.com
  32. Wow by NubKnacker · · Score: 5, Funny
    "This seems fully malicious," said Joe Stewart, a researcher at Chicago-based Lurqh who studied the attack software.

    Gee, I wonder how he figured that out....

    1. Re:Wow by cpn2000 · · Score: 1

      dude, he's a researcher, they know all sorts of cool things ... and stuff.

      --
      All you touch and all you see is all your life will ever be ... Dark side of the moon
    2. Re:Wow by httptech · · Score: 5, Informative

      Yes, funny funny. In context, though, you have to know the question the reporter asked me, which was, "Do you think this software was a test, or do you think it was malicious?"

      -Joe

      --
      Joe Stewart, GCIH
      Senior Security Researcher
      LURHQ http://www.lurhq.com/

    3. Re:Wow by Sheepdot · · Score: 1

      In his defense, the interviewer probably asked a stupid question in which he repeated it in his answer. For example:

      Interviewer: "So the software demands money. Doesn't that seem malicious?"

      If that was the case (and knowing the kinds of journalists that cover these stories, it most likely is) then his response isn't really all that ridiculous. I mean, c'mon, the author even wrote: "attack software". What respectable computer user calls a virus "attack software"? The same one that would call a firewall "defense software"?

      Is that what this Internet thing is all about? Fighting wars online as cyberpunks, criminals, internet cops, etc.?

    4. Re:Wow by NubKnacker · · Score: 1
      I was just surprised that a security researcher would say something like that. I hope you understand how it looks to me from here.

      Now that you've put it in context, I understand the comment. :)

    5. Re:Wow by httptech · · Score: 2, Interesting

      Yep, I cringed when I saw it too. The other posters' comments about reporters are right on - you can talk for 15 minutes and give them a clear picture of the issue, but they'll pick the most impacting statements instead of the ones that explain it. And if you happen to say something that sounds fucktarded out-of-context, you can rest assured you'll see that quote in the article :)

      -Joe

      --
      Joe Stewart, GCIH
      Senior Security Researcher
      LURHQ http://www.lurhq.com/

  33. Isn't that a feature by overshoot · · Score: 5, Funny

    that Microsoft is adding to the next version of Office?

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
    1. Re:Isn't that a feature by JudicatorX · · Score: 1

      No, that one will be 'we've locked up your files and you'll have to pay $1000 to get them back'.

      Though this could be the bill for the beta test...

      --
      "It is a good divine that follows his own instructions" - Portia, The Merchant of Venice
  34. MS in disguise? by MrKahuna · · Score: 1, Funny

    Hmmm, is Microsoft testing their Longhorn upgrade incentive plan? Send in your money and get your license key, we've already downloaded and installed it for you. :-)

  35. Data insurance? by tyates · · Score: 1

    Excuse me - I have to go take out a kidnapping & ransom insurance policy on my Word files and Email folder. By the way, when I heard this story on the radio this morning, they said it was hackers, not a virus, which sounds more plausible. (Well, marginally.)
    Also, does anyone think that $200 seems a little cheap? Even a small company would probably value its data at 25x this.

    --
    Tristan Yates
    1. Re:Data insurance? by I+confirm+I'm+not+a · · Score: 1

      Also, does anyone think that $200 seems a little cheap? Even a small company would probably value its data at 25x this.

      It *does* seem cheap, but you need to think about it from the bad-guy's perspective: too greedy and the victim says fuck off or worse - the police take notice. Also remember that the bad-guy may well be repeating this operation on a large scale. Unknown large number * $200 = bad-guy lives life of Reilly.

      --
      This is where the serious fun begins.
  36. Operating system by HoodCrowd · · Score: 1

    Gee....wonder what operating system and security these corporations had in place. If we cannot know the businesses that paid the extortion, can we know why they were so insecure?

  37. Why Websense? by Anonymous Coward · · Score: 1

    It's odd that Websense are breaking this news, since Websense is basically a filtering service, rather than a trojan or antivirus company. They're good at what they do, but they're not good at what they don't do. They have teams of people spread around the planet checking and categorizing URLs. Companies like HP and others then use the Websense service to filter net access according to certain rules. But I don't see why any company would turn to Websense to help with this particular problem, and I don't know why Websense would then go public with it, since I don't think they'd be the people to help fix it anyway.

  38. Why so much press.. by technomancer68 · · Score: 5, Funny

    This has been out for years, it's called Windows XP Activation.

    --

    The Technomancer
    "Men of lofty genius when they are doing the least work are most active."-
    1. Re:Why so much press.. by OmniVector · · Score: 1

      well, not really. you can just boot up the computer with a knoppix or BartPE cd and read the files on your hard drive without worrying about activation. that's hardly ENCRYPTED requiring a key to touch your files again. and (besides that point) windows activation is required for a product to legally use it. if you don't like it, don't use windows. that is not the same as a piece of malicious software doing it without your intent.

      --
      - tristan
  39. Dont let them win by Timesprout · · Score: 1, Funny

    This happened to me so I called Mel Gibson because he has a proven history of resolving these demands without paying the ransom. Worked out great in the end, my files were freed without me paying the $200 ransom. I did have to pay Mel $10 million for his time though which was a bit of a bummer.

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  40. I think... by HTL2001 · · Score: 2, Interesting

    this is probably just an experiment, to see how many people are willing to pay this amount to get the files back

    He (she?) would get more money if it was a lower amount in an easy-to-pay system, since many more people would pay.
    Maybe we will see the story sometime soon

    --
    By reading this, you have given me brief control of your mind.
  41. Insightful, but disgusting. by ciroknight · · Score: 2, Funny

    virus that replaces all .jpg files found with goatse, tubgirl and lemonparty.

    Thanks for giving 'em the idea. Next time I go to look at pr0.. I mean my pictures, I'm going to be in fear of opening any of them.. *grumble*

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
  42. another bank account by Technetium+Web · · Score: 1

    well maybe it's not done for financial gain, but what if they reply to the email with someone they don't like's bank account details? in hopes of getting them traced. or give the bank details of a charity and see what happens

    --
    www.TECHNETIUM.net.au
  43. Fill in the blank.... by ZerocarboN · · Score: 2, Insightful
    Can you find out where to put the word "Explorer" in the following quote?

    In the recent case, computer users could be infected by viewing a vandalised website with vulnerable Internet _____________ browser software
  44. Details by spellraiser · · Score: 1
    Details are always nice when stories like this are run. I see they are somewhat lacking here. Let's make up for that a little, shall we:

    ---

    Websense alert

    It is particularly interesting to note that this is a browser vulnerability exploit rather than an actual virus.

    ---

    Symantec description of the Trojan Horse encoder

    A google search for PGPcoder will turn up lots more.

    --
    I hear there's rumors on the Slashdots
    1. Re:Details by CowboyBob500 · · Score: 1

      Neither of those sites explain how to decrypt the encrypted files. You'd have thought that would be an important piece of information for anyone stupi^H^H^H^H^H unlucky enough to get infected.

      Bob

    2. Re:Details by timmyf2371 · · Score: 1

      Screenshot 4 on the Web Sense link perfectly explains how to decrypt the files...

      --

      Backup not found: (A)bort (R)etry (P)anic
  45. MS Application Upgrades by lbmouse · · Score: 1

    When Microsoft does this, it's called a business practice.

  46. "Malicious Cryptography: Exposing Cryptovirology" by scovetta · · Score: 3, Informative

    I just finished reading "Malicious Cryptography: Exposing Cryptovirology", and it talks greatly about exactly this. The problem is that, due to wonderful things like public-key encryption, evildoers could conduct an attack like this without leaving a trace.

    I'd highly recommend the book (no, I don't know that author).

    --
    Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
  47. Yes, it's possible by 3770 · · Score: 4, Funny

    What the programmer needs to do is to buy a speed boat and have the victim drop the bag from a bridge into the boat and then flee and stage his own death with an explosion.

    I've seen it in the movies.

    The trick is to do that without spending more than $200.

    --
    The Internet is full. Go Away!!!
    1. Re:Yes, it's possible by Pollardito · · Score: 1

      since speedboats cost much more than $200, perhaps he could have several victims all drop their money from the same bridge (or nearby bridges), so that he can make multiple pickups per speedboat explosion. volume is really the key to profitability here

  48. More Information on the Issue by Flagbrew · · Score: 1

    Here is some more reading on this extortion attack: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=194

  49. Would be cool if by Man+in+Spandex · · Score: 1

    the virus was like that guy from the first Austin Powers

    Victim: Who are you working for!
    Virus: Unable to comply
    Victim: Who Are You Workin For!
    Virus: Negative!
    Victim: Who Are You Workin For DAmmit!
    Virus: *beplbeplpeeaezapakzz Triple Kill Detected* Fox News.

  50. New Variant by Timberwolf0122 · · Score: 5, Funny

    If you don't send the money within two weeks they start sending the files back, bit by bit.

    --
    In the not too distant future, next Sunday A.D.
  51. Subtlely (?) destructive viruses by mgkimsal2 · · Score: 4, Insightful

    I've written about this before, but I'm *so* waiting for a virus to do one or more of the following:

    * alter scheduled appointments in outlook/exchange
    * alter contact information in outlook/exchange
    * alter information in ms word and ms excel documents

    The key to all this is to do it in small doses - change a 3 to a 4, alter appointments by 1 hour, etc, introduce a few wrong spellings into ms word documents, etc.

    People have this view that viruses are horribly destructive, and it decreases the estimation of Windows in some. Others stick by Windows, content to use anti-virus stuff because a virus just generally uses up resources indiscriminately or 'steals' data.

    If viruses started attacking the integrity of core MS Office products, not 'just' the operating system itself, more damage would be done to MS' hold on corporate america than any attack on the 'operating system' level by viruses.

    Put more simply, most people really don't understand the ins and outs of operating systems, nor the potential damage that can be done to them. Everyone can understand the damage that could be done by having your spreadsheets altered without your knowledge.

    Well, at least I *think* everyone could understand that.

    1. Re:Subtlely (?) destructive viruses by GaryPatterson · · Score: 2, Insightful

      Hmm... Subtle damage could indeed be more crippling than overt damage.

      Deleting a file will cause staff to notice, and after the virus is removed, the file will be restored.

      Changing a few random values in a spreadsheet will likely not be noticed as quickly, and when it is, there may not be any way to work out which daily backup to restore from.

      Then there's the effect.

      Deleting a file causes irritation, but has no lasting effect.

      Altering the file subtly will potentially damage a forecast, change the meaning of data or cause an employee to be held in lower regard.

      I've sometimes wondered why virus writers seem little more than children, preferring to see their name writ large than actually do anything malicious. I've come to think it's human nature not to cause damage just for the hell of it.

      I've been waiting for really damaging viruses to appear. This one won't herald the start of them - people will just purge the virus and then restore from backups.

    2. Re:Subtlely (?) destructive viruses by bezuwork's+friend · · Score: 1

      Another thing (actually falls under one of your categories) such a virus could do is alter names of contacts. Or change honorifics. Professionals in certain professions get very irate when addressed incorrectly. To the point of losing clients sometimes.

    3. Re:Subtlely (?) destructive viruses by Loonacy · · Score: 1

      This is already happening. Several companies have been affected already. One such case is Microsoft itself. In Bill's scheduled appointments, he has "Windows Longhorn: Release" and some stupid virus keeps moving the date. Also, Duke Nukem Forever would have been released if this virus hadn't moved that appointment to 10/10/10.

  52. Sounds familiar... by Source+Quench · · Score: 4, Funny

    This is what happened when I installed windows 98... it crashed and a dialog box appeared and demanded that I upgrade to windows XP in order to save my files from digital heaven.

  53. Sounds a lot like by nightskier · · Score: 1, Funny

    Windows XP Pro.

  54. Why ask for just $200 by WalletBoy · · Score: 1

    I would have thought the author would have asked for...

    One Miiiiilion dollars!

    Buah hah hah hah hah!

  55. Re:Ransom ! by nitio · · Score: 1

    [Mel Gibson]
    I won't pay for my files. Instead, I'm offering $200 for your msn you stupid kiddie, I'm gonna h4Xxx0r u n00b!!!
    [/Mel Gibson]

    --
    http://stoploudness.org/
  56. Encryption is Unpatriotic by Overzeetop · · Score: 1

    Plain and simple, this should be used as a prime reason to outlaw all encryption, except by authorized government agencies. Oh, and big corporations for protection of IP. Everyday citizens have no reason for encryption.

    Outlaw it NOW! The SKY is FALLING! Think of the YOUNGLINGS! (he he, sorry, I couldn't resist) ;-)

    --
    Is it just my observation, or are there way too many stupid people in the world?
  57. not my pr0n!!! by Anonymous Coward · · Score: 2, Insightful

    No!!!! Not my 200GB archive of pr0n!! :(
    That'll take forever to redownload and organize...

    Where do I send the money?

    1. Re:not my pr0n!!! by MoreDruid · · Score: 1

      only on /. can the above be modded +2 insightful

      --
      The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness.
  58. Stockholm Syndrome by zbeeble · · Score: 3, Funny

    What happens if after I pay the money, my files do not want to come back ?

  59. MOD PARENT UP by Short+Circuit · · Score: 1

    Good info. I wish I found that before I posted. (I *did* RTFA.)

  60. I remember them... by aug24 · · Score: 2, Interesting

    I lost my third year project (Physics) to one in 1992. Eight months work chewed to bits, but a very nice chap named Jules reconstructed most of it from the actual sectors, with me guessing where-abouts it came from.

    Those were, emphatically, NOT the days.

    Justin.

    --
    You're only jealous cos the little penguins are talking to me.
    1. Re:I remember them... by rincebrain · · Score: 1

      Seconded.

      I don't miss those days.

      Occasionally, I'll take out one of my old floppies for some reason, and find a boot sector virus on it. Heheheh. Thanks to resident scanning (if I happen to be on a Windows box), I only see the uninfect option, not a problem. And under Linux, which I usually run...who cares? :D

      --
      It's only an insult if it's not true.
  61. Police??? by www.sorehands.com · · Score: 1

    You mean when you call 911 you don't get put on hold for 20 minutes?

  62. Re:Crypto Question by wren337 · · Score: 2, Interesting

    a chosen plaintext attack might be an interesting defense. you could keep a series of chosen files with different extensions on your computer, so that when you get hit you have them for the decryption effort. Also you should wrap your monitor in tinfoil. ;)
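
The decoy-file idea in the comment above, turned toward detection, as an added example that is not part of the original thread: known-plaintext decoys with the extensions listed earlier in the discussion (.jpg, .db, .doc, .pdf, .zip) are hashed into a manifest and re-checked for deletion, replacement by high-entropy data, or a small silent edit. The function names, decoy file names, decoy size and the 7.0 bits-per-byte threshold are assumptions made for this illustration.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Extensions named in the thread as the ones the trojan encrypts.
DECOY_EXTENSIONS = (".jpg", ".db", ".doc", ".pdf", ".zip")
DECOY_SIZE = 4096        # assumption: enough bytes for a stable entropy estimate
ENTROPY_THRESHOLD = 7.0  # assumption: bits per byte; ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, computed from the byte-value histogram."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def plant_decoys(directory, stem="decoy_canary"):
    """Write one known-plaintext decoy per extension; return {name: sha256}.

    Keep the returned manifest somewhere the monitored account cannot write.
    """
    manifest = {}
    for ext in DECOY_EXTENSIONS:
        name = stem + ext
        line = f"decoy file {name}: known plaintext, do not edit\n".encode()
        content = (line * (DECOY_SIZE // len(line) + 1))[:DECOY_SIZE]
        (Path(directory) / name).write_bytes(content)
        manifest[name] = hashlib.sha256(content).hexdigest()
    return manifest


def check_decoys(directory, manifest):
    """Compare decoys against the manifest; return {name: finding} for changes."""
    findings = {}
    for name, expected in manifest.items():
        path = Path(directory) / name
        if not path.is_file():
            # The thread describes originals being deleted after encryption.
            findings[name] = "missing"
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == expected:
            continue
        # Same name, different bytes: separate bulk encryption from a small edit.
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            findings[name] = "high-entropy"
        else:
            findings[name] = "modified"
    return findings


def demo():
    """Run the check on a constructed scenario in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        manifest = plant_decoys(d)
        clean = check_decoys(d, manifest)
        names = sorted(manifest)
        # Constructed tampering, one case per finding type:
        (Path(d) / names[0]).unlink()                         # original removed
        (Path(d) / names[1]).write_bytes(os.urandom(DECOY_SIZE))  # stand-in for ciphertext
        target = Path(d) / names[2]
        data = bytearray(target.read_bytes())
        data[10] ^= 0x01                                      # one-bit silent change
        target.write_bytes(bytes(data))
        return clean, check_decoys(d, manifest)


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before)
    print("after tampering: ", after)
```

A "modified" finding with low entropy is the quiet-alteration case raised in the "Subtlely (?) destructive viruses" comments, which a size or timestamp check alone would miss.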

  63. What's next? by cobrajs · · Score: 1

    What will these virus creators think of next? Virus: "$200 for your files, $500 for your mouse!" ...and later... Doctor: "I don't think he is going to make it; this virus is holding his heart hostage and is demanding $500!" Just imagine if these crackers put their "skills" to something worthwhile!

  64. Re:Ransom ! by 88NoSoup4U88 · · Score: 1
    The movie 'Ransom', in which Mel Gibson tries to act out a dad who just had his son kidnapped.

    And yes, 'tries', as the bit I just quoted, is one of the worst scenes out of the movie.

  65. 'Bout Time by bubba_ry · · Score: 1

    It's about time we had a change of pace. I for one am getting bored with the sends-emails-to-contacts-in-your-address-book variety of viruses. Whatever happened to the viruses of old (that I've only read about!) where every 4th of July your monitor would light up in a fireworks display?

    Ah...memories...

    1. Re:'Bout Time by mwood · · Score: 1

      Get yourself a VM/CMS system and you can run CHRISTMA EXEC, which does both! :->

      (Okay, it paints a Christmas tree, not fireworks.)

  66. The first rule of backing up by Bender0x7D1 · · Score: 2, Interesting

    Is to back up your data on a regular basis.

    This little bit of wisdom has been around since computers hit the home. Now if only people would follow the advice given to them this virus would be a complete non-issue. Instead, we have a bunch of users who are convinced nothing bad will happen to them, (or are completely oblivious to the dangers), complaining since they didn't do what someone told them it was important to do.

    I know I am paranoid, but I make sure important files are regularly copied to 3 different systems. Gmail makes a great place to store some data - lots of space, geographically separated and administered by people who aren't complete idiots. I also copy my important stuff every week or two and put the disk in a fireproof safe designed for computer media.

    This scheme seems to work well against these sorts of viruses as well as natural disasters and hardware failures.

    --
    Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
  67. File Recovery by zabagel · · Score: 1

    I'm curious to see if booting with Knoppix and backing up your files will thwart this "virus." If he has used any form of encryption, this would not work. But if he changed the file permissions in Windows, as mentioned in an earlier post, it's a possibility

  68. The AIDS Trojan already tried this trick by Mattias · · Score: 2, Informative

    The encrypt-files-and-demand-ransom-trick has been tried before by criminals in 1989. A company sent out disks with software containing a trojan that encrypted the harddisk and then demanded money to decrypt it.

    http://www.claws-and-paws.com/virus/papers/history-of-computer-viruses.html#C05

  69. Would be nice... by The+Cisco+Kid · · Score: 1
    The latest danger adds to the risks facing beleaguered Internet users
    1. Re:Would be nice... by The+Cisco+Kid · · Score: 1

      Dangit. Stupid form.

      What I *meant* to say, was, it would be nice, if the media, especially the tech media, started getting this right...

      This 'adds to the risk facing' *Windows* Internet users, not 'Internet users'. Those of us that use the Internet from non-Microsoft platforms only, don't feel beleaguered with risks from viruses, trojans, etc. much at all. At least not directly. We certainly get our share of spam and crap email, but that's primarily annoying, not so much 'risky'

  70. Re:Ransom ! by 88NoSoup4U88 · · Score: 1
    Hehe, that made me chuckle :)

    Now imagine Mel Gibson actually saying that ;)

  71. A similar idea was around in the 80's by Pinefresh · · Score: 1

    Back in the 80's there was a program called HIV information that was sent on floppy to a bunch of people in the medical community. In the license of the software there was a warning that if they didn't pay for it there would be repercussions. On something like the 30th usage of the program it would encrypt all the files on the hard drive and demand a ransom to unencrypt them.

  72. web services, baby! by abulafia · · Score: 2, Insightful

    The ransomware could phone home to a cracked server which provides the key. Or public key crypto could be used.

    --
    I forget what 8 was for.
  73. Gender Discrimination? by Anonymous Coward · · Score: 2, Insightful

    Oh yeah. Fuck those gender-discriminating Jedi.

    Anakin: "Padme, you're pregnant. I'm afraid-for the good of the baby-you can't go lightsaber dueling or starfighter riding. You can resume such activities when they are safe for you again, mmkay?"

    Padme: "Okay. I don't want to lose my child, so I'll sit down for this particular stretch of 9 months. It's not like I wasn't involved in lots of gunfights before this, so I think I can deal."

    God, some people just try too hard. Your stupid little digression about "sie" and "hir" is almost longer than your entire point.

    1. Re:Gender Discrimination? by Invalid+Character · · Score: 1
      LOL! Cross-posting troll-bot got modded +5 Insightful.

      I'm sure it was just the crack taking effect on the part of the mods.

      --

      --

      Registered .sig quotient : 1337

  74. reminds me of the 'jackpot' virus by Errtu76 · · Score: 4, Interesting

    back in the msdos days (aka: the good old days) there was a virus that locked your pc, did something nasty to your mbr (or fat - i forgot) and you had to play a game (or two .. or usually aLOT) on the slots machine. You would get your system back when you got the jackpot.

    1. Re:reminds me of the 'jackpot' virus by RIAA+Bounty+Hunter · · Score: 3, Informative
      That virus was known as Casino.2330.

      Screenshots

    2. Re:reminds me of the 'jackpot' virus by Errtu76 · · Score: 1

      Thanks man. This brings back memories :) Apart from the fat-trashing, this was one of the 'funny' viruses. Other cool ones are the Yankee Doodle virus (where the system speaker played the song, during which you couldn't do anything with your pc) and the Ping-Pong one (where there was an annoying ascii ball bouncing on your screen).

  75. OT: Your sig by Slashcrap · · Score: 1

    How do we sleep when our beds are burning?

    Asbestos pyjamas, you fool!

    Do I have to think of everything?

  76. They and Their by bezuwork's+friend · · Score: 1
    Language is constantly evolving, despite the proliferation of dictionaries and grammar classes. So evolving a new meaning / shade of meaning is appropriate if needed.

    In this case, I think they as an indeterminate singular is a pretty good evolution of the language. Not perfect, but pretty good. I already use it this way in some of my writings. Whether it is being used in the singular or plural sense is usually clear on context. It also has the benefit that in situations such as here, where it is not known whether one or more people are involved, then both conditions are covered.

    For myself, I used to use "te" for an indeterminate pronoun in personal writings. T is close to the s in she, and te is two letters like he. Not sure why I chose it, just did. Unfortunately, it is a homonym with the tee/tea family, so not perfect either.

    1. Re:They and Their by croddy · · Score: 2, Insightful

      language derives its meaning from mutual consent. you can't "evolve a new shade of meaning" by yourself. before new forms enter a language, many people must use them for quite a while. we've formalized the lexicon and grammar so that people can actually use language to communicate predictably.

  77. Dvorak predicted this a long time ago by r.jimenezz · · Score: 1
    Yes, that Dvorak. Been searching for it on PcMag.com but I'm fairly certain he wrote about this a couple of years ago.

    Not that it shows much clairvoyance on his behalf, as others have posted before, this was begging to be done.

    --
    The revolution will not be televised.
    1. Re:Dvorak predicted this a long time ago by mwood · · Score: 1

      I believe that I read of a similar scheme as an aside in _The Adolescence of P1_. VIRUS messes up your computer but you get it free; VACCINE removes VIRUS but it'll cost ya.

  78. Sweet! by Greyfox · · Score: 1

    Combining a computer virus and extortion. When they catch this bozo, and they WILL catch him, they will probably charge him with 1 count of extortion for every system in the world that was infected. For the first time in human history, someone will have a jail sentence that extends past the expected end of the universe!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  79. Re:"Malicious Cryptography: Exposing Cryptovirolog by timster121 · · Score: 2, Funny

    The author's name is 14608decf3c24b62a64015d411a862a640e5c1.

    Course, you'll have to read the book to figure out how to decode it.

  80. There will be no negotiations. by vertinox · · Score: 5, Funny

    I'm sorry, but we don't negotiate with terrorists. The files knew the danger when they took the job.

    C:\>format c:

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  81. There are two types of computer users by Tsiangkun · · Score: 1

    1) Those who have lost data
    2) Those who will lose data

    An appropriate backup system would render this extortion powerless, albeit inconvenient for most home users.

  82. This makes me wonder... by Anonymous Coward · · Score: 3, Interesting

    Will Microsoft start factoring these little occurrences into the TCO of Windows?!

    1. Re:This makes me wonder... by darthtrevino · · Score: 1

      Only on Slashdot would this comment be insightful...*sigh*
      --
      Random Signature #1
      Generated by SlashdotRndSig via GreaseMonkey

    2. Re:This makes me wonder... by XMyth · · Score: 2

      For the love of God.

      How is this in any way a Windows specific thing? The same virus could be written to run on any OS.

      I stand by my earlier statement.

      You're an idiot.

    3. Re:This makes me wonder... by WNight · · Score: 1

      At some point the huge preponderance of exploits, viruses, worms, on the Windows system has to be dealt with. Dealing with these issues does indeed affect the TCO.

    4. Re:This makes me wonder... by AstroDrabb · · Score: 1
      Are you suggesting that this type of comment should be modded "troll"? Why shouldn't these types of problems be added to the MS-PR-Machines' TCO? Why shouldn't MS add the cost of a _real_ firewall, virus protection and spyware/adware protection to the TCO of their OS for home and corporate users (especially home users)?

      Just try to run an MS Windows XP Home computer that is connected to the internet without any _real_ firewall, virus scanner or adware/spyware prevention. That PC will be taken over in no time.

      For all the MS apologists and astroturfers,... *sigh*

      --
      If Tyranny and Oppression come to this land,
      it will be in the guise of fighting a foreign enemy. -James Madison
    5. Re:This makes me wonder... by AstroDrabb · · Score: 1
      How is this in any way a Windows specific thing?
      Well, maybe because this issue _only_ affects MS Windows PC's?
      The same virus could be written to run on any OS
      Oh really, so why don't you write it or have someone else to write it? All those other OS'es out there are based on some type of Unix style permissions such as Linux, Mac OS X, *BSD, Solaris, etc. Those systems won't be affected in the same way.

      If this virus got on Linux or Mac OS X, it would _only_ affect the current user. Meaning that if my wife did something stupid on my Linux or Mac OS X boxes, it would be _her_ stuff that is lost and not _mine_. As a programmer, I have a lot more important things on my computers than my wife. If she loses a few pictures or emails, "no harm done".

      However, if I had an MS Win XP system at home setup as the factory default with every user an admin my wife's mistake would have lost all of my files!

      So yes, this is in _every_ way a "Windows specific thing".

      --
      If Tyranny and Oppression come to this land,
      it will be in the guise of fighting a foreign enemy. -James Madison
    6. Re:This makes me wonder... by icypyr0 · · Score: 1

      If this virus got on Linux or Mac OS X, it would _only_ affect the current user.

      You can protect individual user directories in Windows XP if you set up permissions correctly, just the same as how you can protect individual user directories on Linux if you set up permissions correctly.

      However, if I had an MS Win XP system at home setup as the factory default with every user an admin my wife's mistake would have lost all of my files!

      I would argue that there are quite a few new Linux users who foolishly make liberal use of the root account to make certain tasks easier. While maybe a competent Linux user would not make such mistakes, there's no reason to expect that a competent user would make the same kinds of mistakes on a Windows machine.


      While I wholeheartedly agree that Windows has had some serious issues in the past and present, it's not helpful when Linux extremists like you warp the truth to fit your agenda. It's people like you that are corrupting the Linux movement inside out. You should be ashamed.

    7. Re:This makes me wonder... by AstroDrabb · · Score: 2, Informative
      You can protect individual user directories in Windows XP if you set up permissions correctly, just the same as how you can protect individual user directories on Linux if you set up permissions correctly.
      Yes, you can set up XP permissions correctly. Well, XP home kills your ability to do this easily. Read this article. XP Home is pretty much brain dead IMO. From the article about Home vs Pro:
      The most obvious difference is security, which is vastly simplified in Home Edition. Each interactive user in XP Home is assumed to be a member of the Owners local group, which is the Windows XP equivalent of the Windows 2000 Administrator account
      So the majority of all computer users using MS Windows XP are running as admin. They are open to far more problems than the typical Linux or Mac OS X user who are running as a non-admin user. Sure you can run as root/admin under the other OS'es, however it is not the norm.
      I would argue that there are quite a few new Linux users who foolishly make liberal use of the root account to make certain tasks easier. While maybe a competent Linux user would not make such mistakes, there's no reason to expect that a competent user would make the same kinds of mistakes on a Windows machine.
      And your argument would be wrong. All of the major Linux distro's have users create a non-root account at _install time_. When it comes time to do a task that requires root, a nice little GUI window pops up and asks for the root password (oh, this also happens from the console/command line).
      it's not helpful when Linux extremists like you warp the truth to fit your agenda.
      Linux extremists like me? So I say something negative about MS and now I am a "Linux extremists"? Stop being an MS apologist. I make my living by writing software on MS OSes. I just don't apologize for all the stupid things MS do.
      You should be ashamed.
      Ashamed of what? Not making up excuses for every brain dead thing that MS has done. You should be the one that is ashamed for sweeping the problems of MS under the rug.
      --
      If Tyranny and Oppression come to this land,
      it will be in the guise of fighting a foreign enemy. -James Madison
    8. Re:This makes me wonder... by mabinogi · · Score: 1

      I think he was suggesting it should be modded as "funny", as it was obviously not meant to be taken seriously.

      --
      Advanced users are users too!
  83. AOL threatens the pictures already, doesn't it? by ianscot · · Score: 1
    Seems to me I've seen (or heard on the radio?) a commercial for AOL in which people describe how much they'd like their kid's baby pictures to just vanish. The point being that you should belong to the oh-so-secure AOL.

    So, the water's already muddy on that one.

    --
    "Fundamentalism" isn't about divine morality. It's about human authority.
  84. Wow, it's like the movie "Hackers"... only lamer by Shaper_pmp · · Score: 3, Funny

    Wow - it's like "Hackers"... only ten years after the idea even made the mainstream. And much more low-rent. And without the cool graphics and computer-generated voice. And with less supertankers. And without Angelina Jolie with her nips out.

    How lame is that?

    (And that's leaving aside the huge number of social and technical ways this scam could be improved...)

    --
    Everything in moderation, including moderation itself
  85. We've come a long way by merc · · Score: 1

    ... since ILOVEYOU.

    --
    It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
  86. Good. by RyoShin · · Score: 1

    I don't know if this is a hoax. Even if it isn't, I silently wish for someone to up and do this.

    Most viruses just run in the background, sucking up processes so that the computer runs slow, making most users hit the monitor and complain about whatever ISP they use (regardless if they are currently connected or not,) while not always actually calling them for help.

    If it wasn't for programs like Norton, McAfee, or AVG, most average users probably wouldn't have a clue if they did get a virus.

    With something like this working 'in your face', they'll at least go 'wtf', and maybe listen this time when you tell them not to open attachments they weren't expecting.

    Better yet, don't ask for money. Just punish the saps. As a kid, both spankings and time-outs helped deter me from doing bad things or disobeying (more the spankings than the time-outs.) Let's put this into the adult realm: Have a virus that, when run, sends itself to everyone in the address book. When that's done, it brings up a message telling the user what an idiot s/he is, and that the computer is now locked for the next month. Effectively, they get a 'time-out' for doing something bad/stupid, and will probably (hopefully) think twice before opening an unknown attachment next time.

    Um... I don't condone doing this, though!

  87. new twist to old idea by oil · · Score: 1

    This is not a new idea, just a twist to attempt to make a profit. I recall the idea being implemented in an old school DOS virus back in the late 80's / early 90's (can't remember the name).

    The old virus wrote the FAT table to memory and then deleted any copies from the disk. It then gave the user three choices, like a shell game. If the correct choice was made (there was only one), the virus would write the FAT back to disk and then remove itself. If the wrong choice was made, the virus rebooted the PC, thus making it extremely difficult to get your files back in one piece.

    I always liked that one.

  88. Wait wait wait... by Mephij · · Score: 1

    I thought Palladium wasn't coming out until the next version of Windows?!?!

  89. News from .ZA? by UnixMan · · Score: 1

    Why should I believe that thing? Does any other security site have it from a "reliable" source? Until then, it is vaporware... (or should I say hearsay, gossip, etc).

  90. Quote from new Mel Gibson movie by mikeh9741 · · Score: 1

    "Give me back my files!"

  91. laundering the money by goombah99 · · Score: 4, Interesting
    Everyone speculates that laundering the money will be hard. Perhaps not so hard really. This happens daily on E-bay with the western union scams. Apparently none of those are ever traced so why not these?

    As for tracing the e-mail well that won't work either: again people do this all the time on e-bay rip offs and none of those get traced.

    Besides which the attacker might very well be logging your keystrokes and simply watching for you to send any text containing a fake address he gave you, then sending this real text somewhere else. Fat chance you would notice this in time to do anything about it. He just picks off the western union number, then pays some street urchin to go collect for him.

    Or you could rig this as sort of a two part thing. One is to have the virus encrypt the files. Then "coincidentally" this spam e-mail comes offering to sell you a universal decoder program for the low price of 49.99$. The company could be legitimate in the same sense that McAfee is legit. They just sell decryption tools. Sure they might be suspect but some company IS going to crack this and when they do they are going to SELL the decoder. The evil-doer merely has to be one of many companies offering this product for sale. It would be in his interest to leak the decoding method just so those decoy companies would appear.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:laundering the money by team99parody · · Score: 5, Insightful
      In fact, Symantec does this to me (at work) all the time. I bought their product once; and every 6 months or however long it takes that license to expire; they keep spamming me with more emails that say if I want to keep my computer safe from all the stuff infecting it I need to pay them more protection money.

      At home, I don't have the problem; since more honorable vendors that distribute their software via apt-get don't run these kinds of protection rackets.

  92. viruses that wipe windows by matt+me · · Score: 1

    How can you say a virus that wiped your OS clean off your computer was a bad thing? If a virus did that to my parents computer I could probably convince them to move to Linux. No, viruses today slow the system, inundate the user with ads and send spam to the point that the OS is unbearable to use to anyone who has ever used a Mac or Linux, but so they say "it's ok, it works for me".

    1. Re:viruses that wipe windows by Monkelectric · · Score: 2, Interesting

      Not sure if you're a troll or not, but us in the linux community don't want to *WIN THAT WAY*.

      --

      Religion is a gateway psychosis. -- Dave Foley

  93. Re:Crypto Question by swillden · · Score: 4, Informative

    If you have just two files it's still extremely hard... you need something like 2^23 files to do it in a reasonable amount of time (assuming RSA+IDEA).

    This post is incorrect. Probably a semi-subtle troll rather than an honest error.

    Neither RSA nor IDEA is vulnerable to a known-plaintext attack. In fact, any cipher that is vulnerable to such an attack is considered completely insecure, especially if only 2^23 "files" are needed.

    If you get to choose the contents of one of the files it's only about 2^17.

    Neither RSA nor IDEA is vulnerable to a chosen-plaintext attack. There were some chosen-plaintext attacks against RSA a few years back (mid 90s), but proper padding eliminates them. And far more than 2^17 trials were required for typical key sizes. Again, no cipher that was vulnerable to such an attack would be considered secure.

    Obviously, if the keys are larger, it will take exponentially longer.

    Larger than what? Are you assuming extremely small key sizes in order to achieve the numbers above? Actually, you don't get to pick the size of an IDEA key, because IDEA keys are 128 bits. Though you can arbitrarily fix key bits to produce a smaller effective key, there's no reason why the virus writer would want to do that.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
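
Added example, not part of any comment in this thread: wren337's idea of keeping known "canary" files pays off only when the malware uses a weak homebrew cipher, which is the distinction swillden draws above. The repeating-key XOR, the hash-based keystream standing in for a properly used cipher, and every key, nonce and file content below are constructed assumptions, not details of the virus in the story.

```python
import hashlib
from itertools import cycle

# Constructed sample data: a canary file whose contents are also kept
# offline, and a file the owner wants back.
CANARY = b"canary-file: known contents kept on disk and in an offline backup\n"
VICTIM = b"Third-year physics project, eight months of work.\n"
SECRET_KEY = b"k3y-2005!"          # constructed; unknown to the defender


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Toy homebrew cipher: XOR with a repeating key (encrypt == decrypt)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def hash_ctr(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stand-in for a sound cipher: keystream = SHA-256(key|nonce|counter).
    Illustrative only, not a vetted construction."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))


def recover_keystream(known_plain: bytes, cipher: bytes) -> bytes:
    """Known plaintext XOR ciphertext gives the keystream for that file."""
    return bytes(p ^ c for p, c in zip(known_plain, cipher))


def shortest_period(stream: bytes) -> int:
    """Smallest p with stream[i] == stream[i % p] for every i."""
    for p in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return p
    return len(stream)


def recover_key(known_plain: bytes, cipher: bytes, min_repeats: int = 2):
    """Return the repeating key if the keystream visibly repeats, else None.

    None means either too little known plaintext or a keystream that does
    not repeat, which is what a sound cipher produces.
    """
    stream = recover_keystream(known_plain, cipher)
    period = shortest_period(stream)
    if len(stream) < period * min_repeats:
        return None
    return stream[:period]


def demo():
    # Weak case: one canary pair recovers the key for every file.
    weak_canary = xor_repeating(CANARY, SECRET_KEY)
    weak_victim = xor_repeating(VICTIM, SECRET_KEY)
    key = recover_key(CANARY, weak_canary)
    restored = xor_repeating(weak_victim, key) if key else None

    # Sound case: the canary only reveals its own keystream, never the key.
    strong_canary = hash_ctr(CANARY, SECRET_KEY, b"nonce-A")
    strong_key = recover_key(CANARY, strong_canary)
    return key, restored, strong_key


if __name__ == "__main__":
    key, restored, strong_key = demo()
    print("weak cipher key recovered:", key)
    print("victim file restored:", restored == VICTIM)
    print("sound cipher key recovered:", strong_key)
```
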
  94. typo by commodoresloat · · Score: 5, Funny
    you misspelled "ls"

    Oh, wait a minute, never mind...

    I forgot we were talking about viruses.

    1. Re:typo by jaavaaguru · · Score: 1

      Yeah, but it's not a standard Unix thing. Solaris doesn't have it, for example.

    2. Re:typo by Ailure · · Score: 1

      If I got a penny for every time I wrote ls in DOS, I would be richer than Bill Gates...

    3. Re:typo by timmyf2371 · · Score: 1

      I had that same problem, in the end I ended up doing a "copy dir.com ls.com"

      --

      Backup not found: (A)bort (R)etry (P)anic
    4. Re:typo by scdeimos · · Score: 1

      Are you still running CPM or something? dir's been shell-integrated for as long as I can remember.

    5. Re:typo by commodoresloat · · Score: 1
      No; they need this.

      ;^)

    6. Re:typo by bhtooefr · · Score: 1

      Depends on your distro/shell. Some distros symlink dir to ls, and I've even seen some cases where dir goes to ls -l, and dir /w goes to regular ls.

    7. Re:typo by bhtooefr · · Score: 1
      I usually have a CMD.BAT in C:\Windows\Command (on a 9x system - I use 2K/XP systems a lot, so I'm used to Win-R, CMD, Enter), and sometimes I throw in an LS.BAT in there, too.

      CMD.BAT:
      COMMAND.COM
      (there's gotta be a better way to do this)

      LS.BAT:
      DIR.COM /W
      LS-LART.BAT:
      DIR.COM
      (I know, I know, I can do better... I was just lazy, and didn't feel like looking up stuff on COMMAND.COM's processing ability)
  95. Africa by ta+ma+de · · Score: 1
    What will those Nigerians think of next? I guess General Ndugu was not able to recover his millions tied up in international banks.

    If this gets into a control system at a chemical plant the writers of this virus will be at Gitmo until rapture.

  96. For example... by doublem · · Score: 1

    I can see it now:

    "What do you mean MCP? I have a Frigging MCSE you bastard! I paid a lot of money for those test prep courses."

    The damage that can be done in financial circles is astounding. There are a lot of people with more letters before and after their name than IN their name.

    And changing a few Ms. to Mrs. or Miss. will cause a whole other slew of issues.

    If the first name is androgynous (Like Terry) changing the Mr to Ms or vise versa would also be rather evil.

    --
    "Live Free or Die." Don't like it? Then keep out of the USA
  97. I have a *GREAT* idea to make this a good thing... by fzammett · · Score: 4, Funny

    Two easy steps:

    (1) Get this virus into the DMCA-supporters computers.

    (2) When they are screaming that all their data is encrypted, kindly inform them that you could create a crack for it and get all their data back, but unfortunately you would run afoul of the DMCA reverse-engineering laws and therefore cannot help them.

    Yes. Irony is *NOT* dead!!

    --
    If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
  98. A simple request by bunratty · · Score: 3, Funny

    Some kind soul should write a virus that holds your files hostage until Firefox is installed and is set as the default browser. Hint, hint...

    --
    What a fool believes, he sees, no wise man has the power to reason away.
    1. Re:A simple request by Beardo+the+Bearded · · Score: 1

      Yeah, because Firefox has never had a security problem.

      Have you already forgotten the "click anywhere to have arbitrary code execute" bug that only got fixed in version 1.0.4? How many people are going to patch that? Half? That's 15 million machines right now that can have an attacker run arbitrary code. (Based on about 30 million FF users.)

      If that's how Mozilla makes code, we're fucked. It's not secure. It's obscure. Security by obscurity is no security at all.

      (FF user)

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    2. Re:A simple request by aziraphale · · Score: 1

      Some kind soul should write a virus that holds your files hostage until Firefox is installed and is set as the default browser

      They already have. It's called Internet Explorer. Until you turn it off, it sits there on your system, threatening to download malware, send your private data to strangers, and install viruses that will wipe out all of your files....

    3. Re:A simple request by Alsee · · Score: 1

      Why "hold files hostage until Firefox is installed" when the virus could simply download and install Firefox itself and set it as default?

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  99. Problem with your argument by benhocking · · Score: 1

    Not that I'm advocating the use of "they" in the singular form, but your argument would seem to suggest that "you" is only valid in the plural form as well. Or, do you say "you is cool" when referring to a single person?

    [humor]Some people do believe that "you" can also have a plural meaning, but us cultured types know that the plural of "you" is "y'all".[/humor].

    --
    Ben Hocking
    Need a professional organizer?
    1. Re:Problem with your argument by angst_ridden_hipster · · Score: 1

      Um... sorry to pick a fight with a Cultured Type, but "y'all" is actually singular.

      The cognoscenti would point out that if you wish to refer to a group of individuals, the correct construction is "all y'all."

      There are also the New Jersey Dixie constructions of "youse all," "alls youse," and "alls youse all," but I fear these do not truly fall under the scope of the discussion at hand.

      And isn't a Cultured Type really just some dude with some stray acidophilus?

      --
      Eloi, Eloi, lema sabachtani?
      www.fogbound.net
    2. Re:Problem with your argument by monkeyfamily · · Score: 1

      so it was humor, i'm still gonna nitpick: y'all is SINGULAR, all y'all is plural!

  100. An old remake, using the Net this time, and $$$ by saskboy · · Score: 2, Interesting

    I encountered a virus just 2 years ago, although it had been written in the 1990s, that encrypted files on a hard drive using a randomly generated and locally stored key. If you removed the virus, you'd lose the key, and access to all files that had so far been encrypted. I don't recall the name of the virus right now, but I spent about an hour looking for a fix to this old virus, and fortunately found an old removal utility on a website that was still hosting it, and it retrieved the simple encryption key, and removed the virus after decrypting all of the encrypted files.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
    1. Re:An old remake, using the Net this time, and $$$ by Leebert · · Score: 2, Informative

      You're probably referring to the "One-Half" virus, if I recall correctly from my days reading alt.comp.virus.

      This was the classic example as to why blindly running "fdisk /mbr" from a boot floppy was a no-no.

    2. Re:An old remake, using the Net this time, and $$$ by saskboy · · Score: 1

      You're correct, I couldn't remember the name, but now I recall another characteristic was to encrypt the hard drive until half of it was encrypted, and then something much worse happened.

      Sorta like the idea behind the movie Speed, but with hard drives instead of busses.

      --
      Saskboy's blog is good. 9 out of 10 dentists agree.
  101. I'll pay anyone $200 to track down the creator of by Mad+Ogre · · Score: 1

    All I need is the names and addresses... and a plane ticket... and a rental car. Give me that, and I'll make them recant their evil ways. This goes for Spyware authors and Spammers. And the guy that cancelled Firefly.

    --
    MadOgre.com
  102. Fixing this illegal? by Dimensio · · Score: 1

    Since they recovered the files without the key, it looks like the guy wrote his own crypto.

    Doesn't this violate the DMCA?

  103. The real solution to this problem by eadint · · Score: 1

    All hackers and virus makers are subject to summary execution. I would send this person the two hundred dollars and use the records to track him down and then I would use a baseball bat to perform anal rape on him, his family and any friends that he has, after which I would execute him, then I would sell the video on the internet to recoup the 200$ and maybe even make a profit.

    1. Re:The real solution to this problem by TylerDurden0 · · Score: 1

      Jeepahs, why don't you just make his dad watch? War, using large implements to perform unauthorized sexual intrusion. Go get 'em, tiger!

      --
      Warning: I am the silence machine.
  104. Money Agents by gone.fishing · · Score: 2, Insightful

    I wonder if this (or some other) extortion attempt is why my bank recently sent its customers a warning about a new scam that asks you if you would be willing to become a "money agent" for someone in another country. Supposedly, you would allow money to be deposited in your account and then you would send 90% of it along to a Western Union account. According to the scam, this is supposed to be faster, safer, and cheaper for people in foreign countries.

    Seems like a great way of breaking the money trail and it only costs 10%!

    Crooks are pretty inventive.

    1. Re:Money Agents by djrogers · · Score: 2, Insightful

      If I'm willing to work with a foreign criminal, why wouldn't I just hang on to all 100% of the $$? Crooks don't trust other people that far... It's far more likely that the 'scam' is simply a way to get your checking account info so the crooks can drain it directly.

      --
      Think outside the... Hey, where'd the friggin' box go?
  105. tar ? by LowOrderBit · · Score: 1

    tar -xvf backup.from.preinfection.tar

    done.

    backup.restores must not be popular in third world countries.

  106. Hope They Nail the Bastard by dmarx · · Score: 1

    It seems that virus writers have gotten even lower: simply destroying your work wasn't enough, now they hold it ransom. I hope that they follow the money trail to this scum, and hit him with not only computer crime charges, but extortion charges.

    --
    "Do I dare disturb the universe?"
  107. Re:a fix ... time to terminate. by scharkalvin · · Score: 1

    How long until McAfee becomes self aware! ...And becomes skynet.

  108. If you find a fix.. by Trevahaha · · Score: 1

    So if you find a crack to the encryption.. are you in violation of the DMCA? :(

  109. I've heard this before by benhocking · · Score: 1

    And every time I've heard it, it's been from a northerner - i.e., not a recognized practitioner of the word "y'all". For some bizarre reason, successful usage of this excellent word requires living south of the Mason-Dixon line (btw, this includes, but is not limited to, Australia - they also use this word). Although Southerners generally do like to take their time in talking (I am an exception to this rule, although I'm only a Southerner by exposure and not by birth), they do not make their sentences unnecessarily long. Thus, "all y'all" is a phrase that has been invented by northerners in an attempt to impugn the good reputation of the word "y'all".

    --
    Ben Hocking
    Need a professional organizer?
    1. Re:I've heard this before by angst_ridden_hipster · · Score: 1

      And every time I've heard it, it's been from a northerner...

      Well, being in Virginia, you'd have a better perspective than I would, seeing as I learned the language in Los Angeles (as far as I can tell, US Geography is non-Euclidean: West is completely orthogonal to North/South, while East is not. After all, Los Angeles is well south of Mason-Dixon if you measure by latitude.)

      I will admit to merely parroting sources, rather than having done the research myself. Interestingly, though, at least two of these sources are from Charlottesville. I'll actually be visiting them this coming weekend, so I'll ask around.

      I went through a struggle to track down the dialect survey, only to discover it doesn't have "y'all" at all. There are some interesting items, however:
      http://cfprod01.imt.uwm.edu/Dept/FLL/linguistics/dialect/maps.html

      --
      Eloi, Eloi, lema sabachtani?
      www.fogbound.net
    2. Re:I've heard this before by WhiteDragon · · Score: 1

      I will say though, that having lived in Springfield, Missouri for 15 years, they don't necessarily say y'all there, they say you'ns. I'm not quite sure what the distinction is though.

      --
      Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
  110. DMCA protection by noidentity · · Score: 1

    If this virus ever holds your files hostage, remember that the DMCA makes it illegal to try to circumvent the protection scheme. Don't break the law, it's bad 'mkay!

  111. Re:Getting away with it... "Worthless"? by davidsyes · · Score: 1

    "there will be little impetus to apprehend these worthless criminals."

    Seems to me, such criminals will be WORTH every penny they collect, heheheh.

    What MIGHT be worth LESS is the amount of effort and resources it takes to get the money back.

    --
    Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
  112. Re:Wow, it's like the movie "Hackers"... only lame by Shaper_pmp · · Score: 1

    Hmmm... Film out in 1995... Ms Jolie born in 1975... I make that 20, so not underage, no.

    Now, whether she looked underage... that's an entirely different matter <grin>

    --
    Everything in moderation, including moderation itself
  113. Where is this coming from? by benhocking · · Score: 1

    This makes two people to say this, and I have NEVER heard any one actually use this in speaking (and I have lived in the south for 30+ years now - more than 20 of those years in Georgia, and the remainder in Virginia). I strongly suspect this is a conspiracy that northerners are engaging in to impugn the good reputation of the excellent word "y'all"!

    --
    Ben Hocking
    Need a professional organizer?
  114. I think NOT!!! by StarCharter · · Score: 1

    From what I understand, the virus is reversible.

  115. Reporters by The+Monster · · Score: 1

    I always assume reporters are at fault for what's in a story. Once a local TV reporter interviewed my wife for probably half an hour, and managed to use three whole words of it on the air.

    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.

  116. Fine... by Nate+Eldredge · · Score: 1

    I'll send him the $200. It's a cashier's check, drawn on the First Bank of Nigeria.

    No, better yet, I'll make the check for $10,000 and he can just wire back the difference. Much simpler that way.

  117. Brilliant - How Hackers Have Come Down by Master+of+Transhuman · · Score: 1


    Rather than try to extort $20 million from Citibank, now we're reduced to extorting $200.

    What's next - a virus that says, "Brother, can you spare a dime?"

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  118. I'm currently in Charlottesville by benhocking · · Score: 1

    and that's where I heard it before - from a transplanted northerner!

    --
    Ben Hocking
    Need a professional organizer?
    1. Re:I'm currently in Charlottesville by angst_ridden_hipster · · Score: 1

      I only mentioned Charlottesville because you're there. Otherwise, I would have just said "around central Virginia."

      That being said, my sources were born and bred in C-ville.

      --
      Eloi, Eloi, lema sabachtani?
      www.fogbound.net
  119. Re:Crypto Question by rjh · · Score: 1

    That depends on what you mean by RSA and IDEA. The security of cryptosystems is highly dependent on implementation details; for instance, without use of OAEP, RSA is vulnerable to all manner of different attacks.

    Any cipher run in ECB mode is vulnerable to a degenerate known-plaintext attack. If you know what a certain block of text is, and you see how that's been encrypted by a cipher in ECB mode, then you can be guaranteed that later on when you see that same pattern it'll decrypt to the same value. This is why ECB mode is held in such disrepute nowadays.

    Etcetera. Basically, there are all kinds of different qualifiers which need to be put on any crypto answer. I don't think the original poster was correct, but I think it gives a false sense of security to say "neither RSA nor IDEA is vulnerable to a known-plaintext attack" without giving a lot of qualifiers on precisely how those algorithms are being implemented.
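The ECB property described in the comment above, as an added example that is not part of the original thread: the same plaintext block always produces the same ciphertext block, so an observer who knows one block can find every repeat, while CBC hides the repeats. The block cipher is a toy Feistel construction standing in for a real cipher, and the key, records and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 8  # 64-bit blocks, the block size IDEA uses; the cipher below is a toy

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation (constructed stand-in, NOT IDEA or AES)."""
    left, right = block[:4], block[4:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # PKCS#7-style padding
    return data + bytes([n]) * n

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # Every block is encrypted independently: equal plaintext -> equal ciphertext.
    return b"".join(encrypt_block(key, b) for b in split(pad(data)))

def cbc_encrypt(key: bytes, data: bytes, iv: bytes = None) -> bytes:
    # Each block is XORed with the previous ciphertext block before encryption.
    prev = os.urandom(BLOCK) if iv is None else iv
    out = [prev]
    for b in split(pad(data)):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def repeated_block_count(ciphertext: bytes) -> int:
    """Audit check: how many blocks duplicate an earlier block (ECB tell-tale)."""
    return sum(c - 1 for c in Counter(split(ciphertext)).values())

def locate_known_block(ciphertext: bytes, known: bytes) -> list:
    """Byte offsets where a ciphertext block with known plaintext reappears."""
    return [i * BLOCK for i, b in enumerate(split(ciphertext)) if b == known]

# Constructed sample data: six 8-byte records, two of them identical.
KEY = b"constructed demo key"
PLAINTEXT = b"ACCT0001PAID=NO;ACCT0002PAID=YESACCT0003PAID=NO;"

if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, PLAINTEXT)
    cbc = cbc_encrypt(KEY, PLAINTEXT)
    known = split(ecb)[1]                  # observer knows this block is "PAID=NO;"
    print("ECB repeated blocks:", repeated_block_count(ecb))
    print("ECB offsets matching known block:", locate_known_block(ecb, known))
    print("CBC repeated blocks:", repeated_block_count(cbc))
```

The repeated-block count doubles as a quick audit check: a nonzero count on structured data is a strong hint that a file or protocol is using ECB.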

  120. if really are important files untar the backup by bxbaser · · Score: 1

    eom

  121. No way out by wrenhunter · · Score: 1

    Gosh, if only there were a way to make copies, somehow, of valuable files. You could use those while waiting for your precious originals to be restored to you. Wait, back up, there is no way.

  122. Amiga virus by Anonymous Coward · · Score: 1, Interesting

    An Amiga virus whose name I don't remember did approximately this to me, to a floppy, like 15 years ago. The virus showed a message telling me to send the floppy to some postcard service. Although I never sent it (it was a backup of some game I owned), I guess that guy didn't have to buy his floppies anymore :-D.

  123. Viral Anti-Virus by medcalf · · Score: 1

    Here's what I don't get:

    1. Viruses spread through a limited (though large) number of known vectors, primarily on unpatched or otherwise-insecure systems.
    2. People who get viruses at one point generally end up getting a lot of them over time, because people generally don't learn from their mistakes for some reason.

    In other words, it seems to be the same holes over and over and over again that get exploited. OK, I see two approaches to this that would do a better job of fixing the problem than running anti-virals. Both involve creating a virus to exploit the holes, whose payload is a security package.

    One would have a security package that's a simple virus detector, that pops up a message to the user stating that virii have been found, and naming them. Another could actually attempt to clean the machine. That's a little intrusive, and it would be even more intrusive to, say, turn off the machine a day later if it's not disinfected, or to try to patch the holes in the machine, so I don't suggest that those be tried.

    But the basic idea, of putting an anti-virus payload on a virus, seems straightforward enough that, since it hasn't been done so far as I know, I must be missing something.

    --
    -- Two men say they're Jesus. One of them must be wrong. - Dire Straits
  124. Re: Appalling by Cochonou · · Score: 1

    I find this way of thinking really appalling.
    I won't comment on the "data of people using Windows should be CORRUPTED, that will teach them !" argument. I don't think there is a need to.

    However, I'd just like to ask you something: What are the most common ways for viruses to spread nowadays? Usually, they are:
    - holes in mail readers
    - trojans delivered by mail ("click on the nice picture")
    - trojans on the internet ("play this nice game"!)
    Of course, there are famous viruses that spread through holes in Windows, but they are less common than the brood I've previously cited.

    Now tell me one thing: why should using Linux reduce the risks of having holes in your mail reader?
    And more importantly, why should using Linux prevent your documents from being corrupted by some kind of trojan? Don't forget that most of the important data on a personal computer is user writable.

  125. Incubation (Re:Finally!) by vpetersen · · Score: 1

    The problem is that such viruses don't propagate as well to reinfect, having killed the PC. A parallel example involving life is the Ebola and Marburg viruses in Africa. Because their lethality is ~70-90% (turning a body into a bucket of unmoving haemorrhagic fluid in just over a week), a localized tribe or a village ends up dead before passing it on for spreading around. OTOH, benign (often East Asian) cold and flu viruses kill a miserable percentage of old and weak, allowing the majority to still be able to travel or socialize long enough to allow the flu to propagate around the world.

  126. Re:I have a *GREAT* idea to make this a good thing by jgoemat · · Score: 1

    Except the encryption isn't a "protection mechanism" used by the copyright holder, the one who wrote the documents or their employer.

  127. How about bad replies. by phorm · · Score: 1

    How about "send nasty messages to your boss" (or your co-workers, clients, etc). You could do it randomly over time to different people... parse an email that exists, send a message as a reply (with the original body quoted) stating "well I think you're an a**hole and I have no f**king use for you"...

    A little more legit-sounding than your standard spoofed email, and more dangerous.

  128. Hmmmm, still looking... by sh0dan · · Score: 1

    for the obligatory pr0n comments... Are you losing your touch?

  129. Re:Crypto Question by swillden · · Score: 1

    Basically, there are all kinds of different qualifiers which need to be put on any crypto answer. I don't think the original poster was correct, but I think it gives a false sense of security to say "neither RSA nor IDEA is vulnerable to a known-plaintext attack" without giving a lot of qualifiers on precisely how those algorithms are being implemented.

    You're confusing ciphers and cryptosystems.

    It's perfectly correct to talk about the security of a cipher with respect to a particular attack -- the implicit assumption cryptographers make is that the cipher is being used correctly and the attack is being executed competently.

    When discussing the security of a cryptosystem that uses a given cipher you do have to look at the implementation details. Exponent choice, padding, feedback modes, message integrity, key storage, key management, keystream quality, key sizes, key generation, subliminal channels, side channels, order of encryption and signing, reuse of keys... the list goes on and on of things that have to be considered.

    But the AC troll I responded to wasn't claiming that poor design or implementation would make the virus's crypto vulnerable to known or chosen-plaintext attacks, he (or she) was making a blanket statement that one would assume would apply to any system using those ciphers. And that blanket statement is clearly false, even if specific implementation failures might make it true in some cases.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  130. Why bother encrypting by SirLanse · · Score: 1

    Just overwrite the file with random info. Get money leave. Maybe call virus to trash the computer completely when done. If you are into extortion, you have no morals. If you have no morals, you won't keep up your end of the deal.

  131. Re:Crypto Question by rjh · · Score: 1

    Speaking as a grad student in cryptography, I don't make the same implicit assumption that you do; nor does my advisor. Whether we like it or not, people use the term "RSA" or "IDEA" or whatever to cover both the algorithm, the protocol, and the implementation of both.

    The RSA algorithm is vulnerable to many attacks.

    The RSA protocol (what I'd prefer people called PKCS-1) is designed to minimize these vulnerabilities.

    And RSA implementations run the gamut from good to lousy.

    It would be a nice world if we could always understand precisely what people meant by "RSA", or insert-your-cipher here. We don't, and for that reason it pays to be very careful with language.

  132. Re:Crypto Question by swillden · · Score: 1

    It would be a nice world if we could always understand precisely what people meant by "RSA", or insert-your-cipher here. We don't, and for that reason it pays to be very careful with language.

    I agree with this in the abstract, but as an expert speaking to non-experts it's usually a good idea to simplify things. Speaking with excessive accuracy can actually mislead if you're not careful. It's easy to mislead by oversimplifying, too, of course.

    With respect to RSA and its common usages, the best practices are so thoroughly well established (embodied in large part in the PKCS recommendations) that it's misleading to tell people they will likely be able to recover their data in a reasonable time given a sufficient (and relatively small) quantity of known plaintexts. This is even more true given the existence of high-quality, easy-to-use implementations, like those in PGP/GnuPG, openssl, etc.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  133. How to Ransom untraceably. by goombah99 · · Score: 1

    Here is one way you could collect a ransom nearly untraceably, at least on a small scale.

    Require the victim to send you valuable information or perform a valuable service instead of cash. For example, ask them to buy a new copy of adobe photoshop or windows and send the registration keys. Now you can resell this on e-bay or wherever as a legitimate copy.

    If you were an eco-terrorist you could require them to give a donation to the sierra club or the red-cross disaster relief or donate to president bush's re-election and provide a receipt.

    if you were out for revenge or a pervert, you could ask them to post a nude picture of themselves.

    you could ask them to buy a large quantity of a stock with few outstanding shares. Do this enough times and you could drive the price up.

    it's as untraceable as can be.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  134. Worst I saw... by Thedalek · · Score: 1

    Some local kid worked out a way (perhaps with only a specific brand/model of HD) to manipulate the location of the read/write head, and to violently tap it against the surface of the hard disk platter.

    His program drew a smiley face and the words "HAVE A NICE DAY!" on the HD before resetting the system. I seem to recall him getting investigated by the FBI at some point...

    --
    Happiness is relative, Based upon the way we live.
  135. Re:"Malicious Cryptography: Exposing Cryptovirolog by Kadmos · · Score: 1

    Malicious Cryptography: Exposing Cryptovirology
    Adam Young, Moti Yung
    ISBN: 0-7645-4975-8
    Paperback
    416 pages
    February 2004

    Published by Wiley: http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764549758.html

  136. backup, patch, protect by Matt_Joyce · · Score: 1


    This is just another if-you-don't-protect-your-data-you-will-regret-it post.

    The fact is, this is no more scary than a 'Virus wipes hard drive!'.

    If you're prepared to pay money to *maybe* get your files back, you probably have a Nigerian stamp in your passport.

    It's interesting to see viruses use crypto as an armament, but the defence against such an attack is the same for any other infection.

    If you have backups, the payload is Inconvenience.

    Now if a virus knew who your competitor was and emailed the encrypted files to them, and then offered both you and your competitor the key, that would be more interesting.

    Or even, put the files on a zombie torrent network, and offer the key on ebay.

  137. Been done. XM.Compat.A 1998. by Matt_Joyce · · Score: 1


    http://securityresponse.symantec.com/avcenter/venc/data/xm.compat.a.html

    Payload

    The payload is potentially troublesome. It is triggered on any day after August 31, 1998 when closing an infected spreadsheet. When triggered, it picks a worksheet but the active one and loops a thousand times to randomly select used cell that contains numeric value. With 1% chance, it decreases or increases the cell value within 5%.

    Although this virus is not infectious in MS Excel 97 spreadsheet files, the payload routine is still called while closing an infected file.

  138. The Reply Message by catdevnull · · Score: 1

    Dear l33t h4x0r:

    After a little digging with a few h4x0r friends, we know your name and where you live. I'll make you a deal. If you give me the crypt key to my files, I won't tell your mom what you've been up to. If you want a new PS2 for Christmas, just ask Santa, OK?

    love,
    Dad

    --

    I might know what I'm talkin' about, but then again, this is Slashdot...
  139. Irrelevant to Linux by Luke-Jr · · Score: 1

    I think the point the grandparent was getting at is that dir/ls/etc have *nothing to do with Linux*. The GNU system, maybe, but certainly not Linux.

    --
    Luke-Jr
  140. IDEA discouraged by Luke-Jr · · Score: 1

    Actually, PGP can support various ciphers. IDEA is just one-- and discouraged for usage due to insane patent laws.

    --
    Luke-Jr
  141. The case of the AIDS information disk by elegie · · Score: 1

    Back in 1989, an individual sent out a mass mailing to many recipients. The mailing consisted of an envelope including a floppy disk and a license agreement in small print. The software on the disk provided an assessment about the user's risk regarding HIV/AIDS. (Supposedly, users were encouraged to install and run the software.) However, the software also contained a hidden mechanism. After a delay, the mechanism would encrypt and hide files on the user's system. The license agreement specified a license fee ($189 one-off or a $378 "lifetime license") for using the software. This payment was to be sent to a PO box in Panama for "PC Cyborg Corporation." In addition, the license agreement warned of "most serious consequences" for failure to pay the license fee. A file left by the software said that users who paid would receive a "renewal software package." The originator of the software was tracked down but was found unfit to stand trial. (See the "Virus: AIDS Diskette" entry on this page.)