Virus Holds Computer Files 'Hostage' for $200
dwayner79 sent in a story about a new virus making the rounds. This one is unique because it locks your files and then demands a $200 ransom to get them back. It seems to me that this might leave some sort of traceable money trail. They don't have much information on any particular transmission mechanism, they just talk about web pages giving it up.
...Until I see a photograph of my files with today's paper.
Pulp Audio Weekly - Geek News and Reviews
IF it takes spyware hostage
Assuming this virus is telling the truth (and I highly highly highly doubt it is), doesn't that mean that there's a simple command you can send to it to fix the problem? What's to prevent anti-virus companies from figuring this out and providing a quick fix?
-dave
http://millionnumbers.com/ - own the number of your dreams
What the hell took so long for this to happen? There are thousands of viruses all around and most of them are so benign. They just eat system resources, send spam, show ads and other bs. It took way too long for someone to make a virus that actually compromises data. I hope soon someone makes one that takes important data files and uploads them to a web server for public view. And another one that overwrites the hard drives 3 or 4 times to prevent data recovery.
Maybe when this happens people will actually pay more attention to computer security, instead of just putting up with the inconvenience.
The GeekNights podcast is going strong. Listen!
However, people have been installing and paying spyware removal fees of less than $200, so I won't be surprised when people pay off viruses like this.
Saskboy's blog is good. 9 out of 10 dentists agree.
If it were real, we would have heard it from Symantec or McAfee long before a third-world news website.
tasks(723) drafts(105) languages(484) examples(29106)
Do they accept PayPal?
"Anything tastes good if you deep fry it."
yet another reason to do regular backups, so you are never solely dependent on your local copies.
Nothing for you to see here. Please move along.
...
OOOOOOOOOOOOOOOOH GNOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO. It appears to have infected CmdrTaco and now the news is being held hostage!!!!!!!!??!?!?!!!!
1) Infect news site and hold "stories" hostage
2) Hold a slashpoll to see if anyone noticed
3)
4) PROFIT!
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
so I figure the virus author could deduct the money from my account, himself.
because his "blackmail-letter" is a file called attention!!!.txt, containing this:
Some files are coded.
To buy decoder mail: n781567@yahoo.com
with subject: PGPcoder 000000000032
Next time the police captures a virus writer, they should put him in a cell and tell him, we'll leave you here unless another virus writer pays us 200$.
Someone wrote: "this one is unique because it locks your files and then demands a $200 ransom to get them back." Unique? Sounds like a description of anti-virus software to me.
you could just spend the change on a blank cd and back up your data before spending 200 dollars to get it back.
Is it just me, or does this seem a little elementary? FTA:
"I send program to your email," the hacker wrote.
And only demanding $200.00 from a business? Sounds like one of the following must be true:
a) person is stupid enough to demand only $200.00 for a crime most likely punishable as extortion.
b) person is testing the effectiveness of their program.
c) person is too short sighted to think of either a or b.
This is just pathetic.
Of course, this means any honest white knight is going to learn the hard way about 20 feds and a flashlight.
"But all your emitter and collector are belong to me!"
Not that I particularly appreciate idiot crackers making my work harder, but you gotta figure they'll be cringing at this rather blunt and clumsy attempt at extortion{sp}.
I mean, is it really that much harder to make a virus that silently installs itself and listens for key strokes, then sends those back to you through a few cracked proxies? And there you go: account numbers and passwords.
Idiots. If they do try to collect on this, they'll be caught, we'll find it's a couple of dumb as fuck kids who thought it'd be cool to "have a couple hundred bucks".
And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Gee, I wonder how he figured that out....
that Microsoft is adding to the next version of Office?
Lacking <sarcasm> tags,
Then again I still had Freecell and Minesweeper so it wasn't all bad ....which until today are the best software available for the Windows platform
www.lemonodor.com A mostly Lisp weblog
This has been out for years, it's called Windows XP Activation.
The Technomancer
"Men of lofty genius when they are doing the least work are most active."-
this is probably just an experiment, to see how many people are willing to pay this amount to get the files back
He (she?) would get more money if it was a lower amount in an easy-to-pay system, since many more people would pay.
Maybe we will see the story sometime soon
By reading this, you have given me brief control of your mind.
virus that replaces all .jpg files found with goatse, tubgirl and lemonparty.
Thanks for giving 'em the idea. Next time I go to look at pr0.. I mean my pictures, I'm going to be in fear of opening any of them.. *grumble*
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
I just finished reading "Malicious Cryptography: Exposing Cryptovirology", and it talks greatly about exactly this. The problem is that, due to wonderful things like public-key encryption, evildoers could conduct an attack like this without leaving a trace.
I'd highly recommend the book (no, I don't know that author).
He who fights with monsters should see to it that he does not become a monster in the process. --Nietzsche
What the programmer needs to do is to buy a speed boat and have the victim drop the bag from a bridge into the boat and then flee and stage his own death with an explosion.
I've seen it in the movies.
The trick is to do that without spending more than $200.
The Internet is full. Go Away!!!
If you don't send the money within two weeks they start sending the files back, bit by bit.
In the not too distant future, next Sunday A.D.
I've written about this before, but I'm *so* waiting for a virus to do one or more of the following:
* alter scheduled appointments in outlook/exchange
* alter contact information in outlook/exchange
* alter information in ms word and ms excel documents
The key to all this is to do it in small doses - change a 3 to a 4, alter appointments by 1 hour, etc, introduce a few wrong spellings into ms word documents, etc.
People have this view that viruses are horribly destructive, and it decreases the estimation of Windows in some. Others stick by Windows, content to use anti-virus stuff because a virus just generally uses up resources indiscriminately or 'steals' data.
If viruses started attacking the integrity of core MS Office products, not 'just' the operating system itself, more damage would be done to MS' hold on corporate america than any attack on the 'operating system' level by viruses.
Put more simply, most people really don't understand the ins and outs of operating systems, nor the potential damage that can be done to them. Everyone can understand the damage that could be done by having your spreadsheets altered without your knowledge.
Well, at least I *think* everyone could understand that.
creation science book
This is what happened when I installed windows 98... it crashed and a dialog box appeared and demanded that I upgrade to windows XP in order to save my files from digital heaven.
No, that's pretty much the original meaning.
My Photography - http://ian-x.com
The Deathlings (comic) - http://thedeathlings.com
No!!!! Not my 200GB archive of pr0n!! :(
That'll take forever to redownload and organize...
Where do I send the money?
What happens if after I pay the money, my files do not want to come back ?
I lost my third year project (Physics) to one in 1992. Eight months work chewed to bits, but a very nice chap named Jules reconstructed most of it from the actual sectors, with me guessing where-abouts it came from.
Those were, emphatically, NOT the days.
Justin.
You're only jealous cos the little penguins are talking to me.
I think you mean the Pakistani Brain Virus.
Software writers, not repair shop. Pakistan, not India. Not the first virus. It was intended to prevent piracy, and wasn't at all intended to be a "ransom."
That's the short version of the story. "Welcome to the Dungeon. Beware of the VIRUS." ;-)
a chosen plaintext attack might be an interesting defense. you could keep a series of chosen files with different extensions on your computer, so that when you get hit you have them for the decryption effort. Also you should wrap your monitor in tinfoil. ;)
Is to back up your data on a regular basis.
This little bit of wisdom has been around since computers hit the home. Now if only people would follow the advice given to them this virus would be a complete non-issue. Instead, we have a bunch of users who are convinced nothing bad will happen to them, (or are completely oblivious to the dangers), complaining since they didn't do what someone told them it was important to do.
I know I am paranoid, but I make sure important files are regularly copied to 3 different systems. Gmail makes a great place to store some of data - lots of space, geographically separated and administered by people who aren't complete idiots. I also copy my important stuff every week or two and put the disk in a fireproof safe designed for computer media.
This scheme seems to work well against these sorts of viruses as well as natural disasters and hardware failures.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
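An added example, not part of any post in this thread: one way to check live files against a manifest taken at backup time, so that a copy that has been encrypted or quietly altered does not overwrite the last good backup. The file names, the 7.5 bits-per-byte entropy threshold and the random bytes standing in for encrypted content are assumptions made for the illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def read(path):
    with open(path, "rb") as f:
        return f.read()

def build_manifest(root):
    """Record relative path -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            manifest[os.path.relpath(path, root)] = hashlib.sha256(read(path)).hexdigest()
    return manifest

def audit(root, manifest, threshold=7.5):
    """Classify each file recorded in the manifest against its live copy."""
    report = {}
    for rel, digest in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            report[rel] = "missing"
            continue
        data = read(path)
        if hashlib.sha256(data).hexdigest() == digest:
            report[rel] = "ok"
        elif entropy(data) >= threshold:   # compressed files also score high
            report[rel] = "changed, looks encrypted"
        else:
            report[rel] = "changed, review"
    return report

def hold_backup(report):
    """True when the live copy should not replace the last good backup."""
    return any(v in ("missing", "changed, looks encrypted") for v in report.values())

def demo():
    """Constructed sample data: one silent edit, one file replaced by random bytes."""
    with tempfile.TemporaryDirectory() as root:
        files = {"budget.csv": b"item,qty\nwidgets,3\n" * 50,
                 "notes.txt": b"meeting moved to 10:00\n" * 50,
                 "todo.txt": b"back up the backups\n"}
        for name, body in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        manifest = build_manifest(root)
        with open(os.path.join(root, "budget.csv"), "wb") as f:
            f.write(files["budget.csv"].replace(b"3", b"4", 1))  # a 3 becomes a 4
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(os.urandom(4096))                            # stand-in for ciphertext
        report = audit(root, manifest)
        return report, hold_backup(report)
```

The manifest has to be stored with the backup, not on the machine being checked, or whatever altered the files could alter it too.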
Then...
"Nuke the site from orbit, it's the only way to be sure"...
Yes Francis, the world has gone crazy.
The encrypt-files-and-demand-ransom-trick has been tried before by criminals in 1989. A company sent out disks with software containing a trojan that encrypted the harddisk and then demanded money to decrypt it.
http://www.claws-and-paws.com/virus/papers/history-of-computer-viruses.html#C05
The ransomware could phone home to a cracked server which provides the key. Or public key crypto could be used.
I forget what 8 was for.
Oh yeah. Fuck those gender-discriminating Jedi.
Anakin: "Padme, you're pregnant. I'm afraid-for the good of the baby-you can't go lightsaber dueling or starfighter riding. You can resume such activities when they are safe for you again, mmkay?"
Padme: "Okay. I don't want to lose my child, so I'll sit down for this particular stretch of 9 months. It's not like I wasn't involved in lots of gunfights before this, so I think I can deal."
God, some people just try too hard. Your stupid little digression about "sie" and "hir" is almost longer than your entire point.
back in the msdos days (aka: the good old days) there was a virus that locked your pc, did something nasty to your mbr (or fat - i forgot) and you had to play a game (or two .. or usually aLOT) on the slots machine. You would get your system back when you got the jackpot.
The author's name is 14608decf3c24b62a64015d411a862a640e5c1.
Course, you'll have to read the book to figure out how to decode it.
language derives its meaning from mutual consent. you can't "evolve a new shade of meaning" by yourself. before new forms enter a language, many people must use them for quite a while. we've formalized the lexicon and grammar so that people can actually use language to communicate predictably.
I'm sorry, but we don't negotiate with terrorists. The files knew the danger when they took the job.
C:\>format c:
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Will Microsoft start factoring these little occurrences into the TCO of Windows?!
Wow - it's like "Hackers"... only ten years after the idea even made the mainstream. And much more low-rent. And without the cool graphics and computer-generated voice. And with less supertankers. And without Angelina Jolie with her nips out.
How lame is that?
(And that's leaving aside the huge number of social and technical ways this scam could be improved...)
Everything in moderation, including moderation itself
As for tracing the e-mail, well that won't work either: again people do this all the time on eBay rip-offs and none of those get traced.
besides which the attacker might very well be logging your keystrokes and simply watching for you to send any text containing a fake address he gave you, then sending this real text somewhere else. Fat chance you would notice this in time to do anything about it. He just picks off the western union number, then pays some street urchin to go collect for him.
or you could rig this as sort of a two part thing. One is to have the virus encrypt the files. then "coincidentally" this spam e-mail comes offering to sell you a universal decoder program for the low price of 49.99$. The company could be legitimate in the same sense that McAfee is legit. They just sell decryption tools. Sure they might be suspect but some company IS going to crack this and when they do they are going to SELL the decoder. The evil-doer merely has to be one of many companies offering this product for sale. It would be in his interest to leak the decoding method just so those decoy companies would appear.
Some drink at the fountain of knowledge. Others just gargle.
If you have just two files it's still extremely hard... you need something like 2^23 files to do it in a reasonable amount of time (assuming RSA+IDEA).
This post is incorrect. Probably a semi-subtle troll rather than an honest error.
Neither RSA nor IDEA is vulnerable to a known-plaintext attack. In fact, any cipher that is vulnerable to such an attack is considered completely insecure, especially if only 2^23 "files" are needed.
If you get to choose the contents of one of the files it's only about 2^17.
Neither RSA nor IDEA is vulnerable to a chosen-plaintext attack. There were some chosen-plaintext attacks against RSA a few years back (mid 90s), but proper padding eliminates them. And far more than 2^17 trials were required for typical key sizes. Again, no cipher that was vulnerable to such an attack would be considered secure.
Obviously, if the keys are larger, it will take exponentially longer.
Larger than what? Are you assuming extremely small key sizes in order to achieve the numbers above? Actually, you don't get to pick the size of an IDEA key, because IDEA keys are 128 bits. Though you can arbitrarily fix key bits to produce a smaller effective key, there's no reason why the virus writer would want to do that.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Oh, wait a minute, never mind...
I forgot we were talking about viruses.
Two easy steps:
(1) Get this virus into the DMCA-supporters computers.
(2) When they are screaming that all their data is encrypted, kindly inform them that you could create a crack for it and get all their data back, but unfortunately you would run afoul of the DMCA reverse-engineering laws and therefore cannot help them.
Yes. Irony is *NOT* dead!!
If a pion (n-) collides with a proton in the woods & no one is there to hear it, does lambda decay into the source pa
Some kind soul should write a virus that holds your files hostage until Firefox is installed and is set as the default browser. Hint, hint...
What a fool believes, he sees, no wise man has the power to reason away.
I encountered a virus just 2 years ago, although it had been written in the 1990s, that encrypted files on a hard drive using a randomly generated and locally stored key. If you removed the virus, you'd lose the key, and access to all files that had so far been encrypted. I don't recall the name of the virus right now, but I spent about an hour looking for a fix to this old virus, and fortunately found an old removal utility on a website that was still hosting it, and it retrieved the simple encryption key, and removed the virus after decrypting all of the encrypted files.
Saskboy's blog is good. 9 out of 10 dentists agree.
I wonder if this (or some other) extortion attempt is why my bank recently sent its customers a warning about a new scam that asks you if you would be willing to become a "money agent" for someone in another country. Supposedly, you would allow money to be deposited in your account and then you would send 90% of it along to a Western Union account. According to the scam, this is supposed to be faster, safer, and cheaper for people in foreign countries.
Seems like a great way of breaking the money trail and it only costs 10%!
Crooks are pretty inventive.
Not sure if you're a troll or not, but us in the linux community don't want to *WIN THAT WAY*.
Religion is a gateway psychosis. -- Dave Foley