Slashdot Mirror


Virus Holds Computer Files 'Hostage' for $200

dwayner79 sent in a story about a new virus making the rounds; this one is unique because it locks your files and then demands a $200 ransom to get them back. It seems to me that this might leave some sort of traceable money trail. They don't have much information on any particular transmission mechanism, they just talk about web pages giving it up.

22 of 488 comments

  1. It won't get a penny from me... by yotto · · Score: 5, Funny

    ...Until I see a photograph of my files with today's paper.

    1. Re:It won't get a penny from me... by c0ldfusi0n · · Score: 5, Funny

      In other news, virus writers associate with milk producers to print the output of "dir" on the back of the milk cartons.

      --
      A computer makes it possible to do, in half an hour, tasks which were completely unnecessary to do before.
    2. Re:It won't get a penny from me... by HadenT · · Score: 5, Informative

      Why not:
      generate random key, encrypt data with it (symmetric),
      encrypt that key with public one (stored in virus itself), destroy random key, give victim encrypted key.
      Victim sends encrypted key to author, he decrypts it using his private key and sends it back.

    3. Re:It won't get a penny from me... by tchernobog · · Score: 5, Interesting

      Not a really new idea, it's inside Andrew Tanenbaum's "Modern Operating Systems"!
      The virus programmer has to have read the book.

      --
      42.
  2. I call hoax by Short+Circuit · · Score: 5, Interesting

    If it were real, we would have heard it from Symantec or McAfee long before a third-world news website.

    1. Re:I call hoax by t123 · · Score: 5, Informative
      Try the Websense website for more detailed information.
      The original infection occurs when the user visits a malicious website that exploits a previous vulnerability in Microsoft Internet Explorer. This vulnerability allows applications to run without user intervention. The malicious website uses the Windows help subsystem and a CHM file to download and run a Trojan Horse (download-aag). The downloader then connects, via HTTP, to another malicious website. This website hosts the application that encodes files on the user's local hard disk and on any mapped drives on the machine. The malicious code also drops a message onto the system with instructions on how to buy the tool needed to decode the files. This message includes the email address of a third party to contact for instructions, and the user is directed to deposit money into an online E-Gold account.
  3. interesting attack by rayde · · Score: 5, Insightful
    this is interesting. if a virus did this on a large scale, there would be loads of people who would be desperate to recover their data, and likely no feasible way to do it on a large scale without key recovery. but really, does the h4xx0r expect to be able to collect a sizeable amount of money without it being traced?

    yet another reason to do regular backups, so you are never solely dependent on your local copies.

  4. I use Bank of America... by Anonymous Coward · · Score: 5, Funny

    so I figure the virus author could deduct the money from my account, himself.

  5. Must be a real moron by Kosi · · Score: 5, Informative

    because his "blackmail-letter" is a file called attention!!!.txt, containing this:

    Some files are coded.
    To buy decoder mail: n781567@yahoo.com
    with subject: PGPcoder 000000000032
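
The note quoted in the comment above doubles as a host indicator. The following sweep is an added example, not part of the original thread and not any vendor's tool: it walks a directory tree, matches the file name case-insensitively, and confirms the content before reporting, so a benign file with the same name is not flagged. The sample tree and the `example.invalid` contact address are constructed for the demonstration.

```python
import os
import re
import tempfile

NOTE_NAME = "attention!!!.txt"  # file name quoted in the comment above
# Patterns built from the note lines quoted in the comment above.
CONTACT_RE = re.compile(r"To buy decoder mail:\s*(\S+)", re.IGNORECASE)
SUBJECT_RE = re.compile(r"with subject:\s*PGPcoder\s+(\d+)", re.IGNORECASE)


def parse_note(text):
    """Return (contact, subject_id) if text looks like the quoted note, else None."""
    contact = CONTACT_RE.search(text)
    subject = SUBJECT_RE.search(text)
    if not (contact and subject):
        return None
    return contact.group(1), subject.group(1)


def find_notes(root):
    """Walk root; return sorted (directory, contact, subject_id) for each note."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            try:
                with open(os.path.join(dirpath, name), encoding="latin-1") as fh:
                    parsed = parse_note(fh.read(4096))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if parsed:
                hits.append((dirpath, *parsed))
    return sorted(hits)


def demo():
    """Sweep a constructed sample tree: one matching note, one benign namesake."""
    note = ("Some files are coded.\nTo buy decoder mail: contact@example.invalid\n"
            "with subject: PGPcoder 000000000032\n")
    samples = {"docs/ATTENTION!!!.TXT": note, "pics/attention!!!.txt": "shopping list\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path))
            with open(path, "w") as fh:
                fh.write(body)
        return [(os.path.relpath(d, root), c, s) for d, c, s in find_notes(root)]
```

Each hit names a directory where the note was dropped, which is where to start checking files against backups.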

  6. Getting away with it... by NCraig · · Score: 5, Insightful
    "The problem is getting away with it - you've got to send the money somewhere," Stewart said. "If it involves some sort of monetary transaction, it's far easier to trace than an email account."
    These guys won't get caught as long as they operate internationally and keep their ransom demands relatively low. As we've seen with the Nigerian Scam, there will be little impetus to apprehend these worthless criminals.
  7. Ransom by mcleaver · · Score: 5, Funny

    Someone wrote: "this one is unique because it locks your files and then demands a $200 ransom to get them back." Unique? Sounds like a description of anti-virus software to me.

  8. Re:Finally! by meringuoid · · Score: 5, Insightful
    Maybe when this happens people will actually pay more attention to computer security, instead of just putting up with the inconvenience.

    What will do that is a virus that replaces all .jpg files found with goatse, tubgirl and lemonparty.

    So many people have stored their digital camera photos on vulnerable Windows PCs. The only thing that will get them to secure those boxes is the threat that little Sophie's birthday photos, or the last time they went on holiday with Grandma before the illness, might be replaced with hideous porn by some virus...

    --
    Real Daleks don't climb stairs - they level the building.
  9. And computer criminals everywhere cringe by grasshoppa · · Score: 5, Insightful

    Not that I particularly appreciate idiot crackers making my work harder, but you gotta figure they'll be cringing at this rather blunt and clumsy attempt at extortion{sp}.

    I mean, is it really that much harder to make a virus that silently installs itself and listens for key strokes, then sends those back to you through a few cracked proxies? And there you go: account numbers and passwords.

    Idiots. If they do try to collect on this, they'll be caught, we'll find it's a couple of dumb as fuck kids who thought it'd be cool to "have a couple hundred bucks".

    And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  10. Wow by NubKnacker · · Score: 5, Funny
    "This seems fully malicious," said Joe Stewart, a researcher at Chicago-based LURHQ who studied the attack software.

    Gee, I wonder how he figured that out....

    1. Re:Wow by httptech · · Score: 5, Informative

      Yes, funny funny. In context, though, you have to know the question the reporter asked me, which was, "Do you think this software was a test, or do you think it was malicious?"

      -Joe

      --
      Joe Stewart, GCIH
      Senior Security Researcher
      LURHQ http://www.lurhq.com/

  11. Isn't that a feature by overshoot · · Score: 5, Funny

    that Microsoft is adding to the next version of Office?

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  12. Re:a fix by Mr+Guy · · Score: 5, Funny

    (or discover it through brute force if they dare wait that long)


    McAfee runs on an awful lot of enterprise networks, and tons of home users. I wonder how long brute forcing a key through distributed computing would really take. I wonder if McAfee is already using cycles for nefarious reasons. How long until McAfee becomes self aware!

    I need more tinfoil

  13. Why so much press.. by technomancer68 · · Score: 5, Funny

    This has been out for years, it's called Windows XP Activation.

    --

    The Technomancer
    "Men of lofty genius when they are doing the least work are most active."-
  14. New Variant by Timberwolf0122 · · Score: 5, Funny

    If you don't send the money within two weeks they start sending the files back, bit by bit.

    --
    In the not too distant future, next Sunday A.D.
  15. There will be no negotiations. by vertinox · · Score: 5, Funny

    I'm sorry, but we don't negotiate with terrorists. The files knew the danger when they took the job.

    C:\>format c:

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  16. typo by commodoresloat · · Score: 5, Funny
    you misspelled "ls"

    Oh, wait a minute, never mind...

    I forgot we were talking about viruses.

  17. Re:laundering the money by team99parody · · Score: 5, Insightful
    In fact, Symantec does this to me (at work) all the time. I bought their product once; and every 6 months or however long it takes that license to expire; they keep spamming me with more emails that say if I want to keep my computer safe from all the stuff infecting it I need to pay them more protection money.

    At home, I don't have the problem; since more honorable vendors that distribute their software via apt-get don't run these kinds of protection rackets.