Extortion Virus Code Cracked
Billosaur writes "BBC News is reporting that the password to the dreaded Archiveus virus has been discovered and is now available to anyone who needs it. Archiveus is a 'ransomware' virus, which combines files from the My Documents folder on Windows machines and exchanges them for a single, password-protected file, which it will not unlock unless a password is given. The user would normally be required to pay the extortionist money in order to receive the password, but apparently the virus writer made one small, critical error in coding: placing the password in the code. BTW, the 30-digit password locking the files is mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw."
I was just looking for that. Thanks!
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Odd how that "30 digit password" has 38 characters, 13 of which are digits.
Don't blame me; I'm never given mod points.
We are all now victims of a DMCA lawsuit!
Get your Unix fortune now!
These days even the virus authors don't know anything about writing secure software :(
That's the combination to my luggage!
"A REAL computer has ONE speed and the only powersaving it permits is when you pull the power leads out of the back!"
Next time it will be a virus writer who knows about public key cryptography, and then you'll just have to pony up the dough... (or you could stop getting your computer infected with malware in the first place.)
Hmm...
It also works for new Windows XP Professional installs.
Strange.
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
seriously my next guess
Hasn't this been around for a while? According to this page, the password has been known for at least a month.
You mean that when they pay up the people actually let them get their files back? You would think any criminal would just delete them, say that they would give them back and then just take off with the money; they are already breaking the law, what's another one added to that? I wonder if this will now work like it should in the perfect open source community though: a bug is found, someone patches it, the new stuff is available within the day, maybe even better than before?
*''I can't believe it's not a hyperlink.''
heh, is this strings to the rescue?
:)
one of the best programs evar
sad robot making broken music
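The "password in the code" mistake from the story and the `strings` remark above, as an added example that is not from the article or from any poster: a small Python reimplementation of `strings -n 4` run over a constructed stand-in binary (not the Archiveus sample; the header bytes and the filename `files.enc` are made up), followed by an entropy filter that separates a key-like run from ordinary resource strings.

```python
import math
import re

# Constructed stand-in for a ransomware binary (NOT the Archiveus sample): a few fake
# header/code bytes, two resource strings, and the unlock password stored as a
# NUL-terminated C string, i.e. the "password placed in the code" mistake.
HARDCODED_PASSWORD = b"mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw"
FAKE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + bytes(range(0, 256, 7))          # filler that happens to contain a printable run
    + b"My Documents\x00"
    + b"\x8b\x45\x08\x53\x56\x57\xe8\x00\x00\x00\x00"
    + b"files.enc\x00"                 # made-up archive name
    + HARDCODED_PASSWORD + b"\x00"
    + b"\x33\xc0\x5f\x5e\x5b\xc3"
)

_PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]+")


def extract_strings(blob, min_len=4):
    """Equivalent of `strings -n min_len`: every run of printable ASCII at least min_len long."""
    return [m.group().decode("ascii")
            for m in _PRINTABLE_RUN.finditer(blob) if len(m.group()) >= min_len]


def shannon_entropy(s):
    """Bits per character; random-looking keys sit well above natural-language UI text."""
    n = len(s)
    return -sum(s.count(ch) / n * math.log2(s.count(ch) / n) for ch in set(s))


def key_candidates(strs, min_len=16, min_entropy=3.0):
    """Keep only strings that look like a key: long, alphanumeric, high entropy."""
    alnum = re.compile(r"^[A-Za-z0-9]+$")
    return [s for s in strs
            if len(s) >= min_len and alnum.match(s) and shannon_entropy(s) >= min_entropy]


def find_embedded_password(blob):
    """Return the most key-like string in the binary, or None if nothing qualifies."""
    cands = key_candidates(extract_strings(blob))
    return max(cands, key=shannon_entropy) if cands else None


if __name__ == "__main__":
    for s in extract_strings(FAKE_BINARY):
        print(repr(s))
    print("likely hard-coded password:", find_embedded_password(FAKE_BINARY))
```

The filter is what makes this usable on a real sample: `strings` on a binary returns thousands of lines, but a symmetric key that has to be typed back in is almost always a long, high-entropy alphanumeric run, which is exactly what the resource strings around it are not.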
If you are still betting on antivirus companies to keep you safe, you should consider this a warning. There is no technical reason why the password should be recoverable. Had the author used strong public key cryptography instead of a symmetric cypher, there would be no way to get the key without the help of the virus author. The only way to be safe is to not get infected and that means you have to use your brain.
If it's the same password for every infection, wouldn't it be likely that the first victim who actually paid for it would then release it to the wild to screw-over the extortionist ASAP?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
The most interesting part of TFA: "Victims are only told the password if they buy drugs from one of three online pharmacies."
Are online pharmacies so unregulated that criminals can extort people as a means for advertising?
Wow.
Strike anyone else as odd that the BBC (et al.) ran this story big time - made the World Service - on the same day that Microsoft announced their all-in-one security suite, that, by coincidence, protects against such viruses?
1) Write ransom virus ....
2) Release
3)
4) Profit!
Wait - that actually works I think
I thought it was a good idea
You're wrong. You can cypher it with the public key and it can't be recovered without the private key, which is safe at his computer.
The virus writers could have used a GPL-based crypt library, but realized that there would be legal issues involved, requiring them to open-source the whole virus.
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
today's Sesame Street program has been brought to you by:
mf2lro8sw03ufvnsq034jfowr18f3cszc20vm and w
Confucius say: "Man who associates with smarter men than himself is smarter than the men he associates with."
Wow, I can see it now. New user clicks on "check email", sees "I Love You!" and clicks on the attachment. A popup window with a gun pointing out the screen appears and the message: "Alright buddy, this is a stickup - Type your bank account password in the field below and click 'submit' or everything in My Documents gets deleted!! I'm not kidding!!! Do it NOW!!!!"
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Has this guy been arrested? It shouldn't have taken a genius law enforcement officer to make a payment for this and track it and then pick the guy up?
Personally, worst case I'd write a little algorithm to generate it (if I wanted a constant password that is).
More likely I'd write one that created a hashcode from the completed compression, encoded the hashcode in base64, told the user to enter it when he bought his drugs then used a second algorithm online to encode that result into a specific "key" that would only work for that one, umm, "Customer". If possible I'd write the algorithm in a custom bytecode language so that it wasn't just a straightforward decompile.
Of course, if I was going to go through all that effort I'd just write an online casino or something and steal my money the old-fashioned way.
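The public-key design that several posters above say would have made the password unrecoverable, together with the "same password for every infection" objection and the per-victim key idea in the comment just above, as an added example that is not the virus author's code. It assumes textbook RSA at toy size with no padding and a SHA-256 counter keystream standing in for AES; `build_image`, `infect`, `recover` and `demo` are hypothetical names for the stages.

```python
import hashlib
import os
import random
import secrets

# Added example, not Archiveus code. Textbook RSA (toy size, no padding) and a SHA-256
# counter keystream in place of AES: enough to show WHERE the secret lives, not to ship.


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin; plenty for an illustration."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # force top and low bit
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=160):
    """Returns (public, private). Only `public` is compiled into the malware."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:
            break
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)   # inverse needs Python 3.8+


def rsa_apply(key, m):
    exp, n = key
    return pow(m, exp, n)


def stream_xor(key, nonce, data):
    """Symmetric: the same call encrypts and decrypts. Keystream = SHA-256(key||nonce||offset)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def build_image(pub):
    """Constructed stand-in for the shipped binary: code bytes plus the public key only."""
    e, n = pub
    return b"CODE" + os.urandom(48) + b"PUB" + n.to_bytes(32, "big") + e.to_bytes(4, "big")


def infect(pub, files):
    """On the victim: fresh 128-bit session key, encrypt, wrap the key for the attacker."""
    session_key, nonce = os.urandom(16), os.urandom(8)
    encrypted = {name: stream_xor(session_key, nonce, data) for name, data in files.items()}
    wrapped = rsa_apply(pub, int.from_bytes(session_key, "big"))   # < n, since n has 159+ bits
    return encrypted, nonce, wrapped         # the plaintext session_key is kept nowhere


def recover(priv, encrypted, nonce, wrapped):
    """After payment: only the private-key holder turns `wrapped` back into the session key."""
    m = rsa_apply(priv, wrapped)
    if m >= 1 << 128:                        # a wrong key yields garbage, not a 16-byte key
        raise ValueError("wrong private key")
    session_key = m.to_bytes(16, "big")
    return {name: stream_xor(session_key, nonce, data) for name, data in encrypted.items()}


def demo(files=None):
    files = files or {"thesis.doc": b"constructed sample document, chapter one ...",
                      "budget.xls": bytes(range(256)) * 2}
    pub, priv = rsa_keygen()
    _, wrong_priv = rsa_keygen()             # someone guessing with a different key pair
    image = build_image(pub)
    enc_a, nonce_a, wrapped_a = infect(pub, files)
    enc_b, nonce_b, wrapped_b = infect(pub, files)   # second victim, same binary
    key_a = rsa_apply(priv, wrapped_a).to_bytes(16, "big")
    try:
        wrong_ok = recover(wrong_priv, enc_b, nonce_b, wrapped_b) == files
    except ValueError:
        wrong_ok = False
    return {"image_leaks_session_key": key_a in image,           # False: image holds pub only
            "same_key_for_every_victim": wrapped_a == wrapped_b, # False: per-victim key
            "private_key_recovers": recover(priv, enc_a, nonce_a, wrapped_a) == files,
            "wrong_private_key_recovers": wrong_ok}


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running `strings` over `image` yields only `(e, n)`, which is public by design, and because every victim gets a fresh session key the first paying victim has nothing useful to publish for the others; the only path back to the files is the private key that never leaves the extortionist's machine.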
There seems to be one glaring problem with the idea of ransomware:
Eventually you're gonna piss off the wrong person.
Imagine the DoD or the CIA getting hit with this. They look up the registrar of the sites you are supposed to buy the drugs from. They then go visit that registrar's main office (borders, what borders? we're the CIA, we've never paid attention to sovereignty in the past.). They politely ask the registrar to hand over all information on the person paying for the domain name (for the definition of polite which involves pointing guns at and kicking people in the head). Once they know who is paying for the web sites (credit info/check info), they visit that person and politely ask for the password to unlock the virus (same definition of polite).
If it's the DoD which gets hit, replace CIA with a Navy SEAL team.
Necessity is the mother of invention.
Laziness is the father.
I am pretty sure that 'mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw' is a registry key for 'My Documents'. It had to be encrypted for 2 reasons:
1) Only you and MS can open 'My Documents'
2) They haven't yet worked out how to really have spaces in file names lusers use. [cue: spinning hour glass]
How'd that guy find out my root password!?
Creative misinterpretation is your friend.
Um diddle diddle diddle um diddle ay
Um diddle diddle diddle um diddle ay
mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw!
Even though the sound of it Is something quite atrocious
If you say it loud enough
You'll always sound precocious
mf2lro8sw03ufvnsq034jfowr18f3cszc20vm
Um diddle diddle diddle um diddle ay
Um diddle diddle diddle um diddle ay
Because I was afraid to speak
When I was just a lad My father gave me nose a tweak And told me I was bad
But then one day I learned a word That saved me aching nose
The biggest word I ever heard And this is how it goes:
Oh, mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw!
Even though the sound of it
Is something quite atrocious
If you say it loud enough
You'll always sound precocious
mf2lro8sw03ufvnsq034jfowr18f3cszc20vm
-- @rjamestaylor on Ello
Douglas Adams made one....
"What do you get when you multiply six by nine?" "Forty-two".
Work it out in base 13.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
I was confused by that as well. I presume plaintext, since storing a hash and comparing a hash generated from user input seems standard practice... at least in the non-virus-writing community.
Ya think the writer had a PHB leaning on him to meet deadline?
A Human Right
That's odd. In my experience, the moderators tend to use "Offtopic" when they wish to say "Hey you, shut the fuck up and don't point out the truth unless it's what we want to hear." Other than the use of "Troll" instead of "Offtopic," believe me when I tell you that this is nothing new. This is simply one of the easier ways to abuse this particular system.
I see this going on often enough that I am heading towards the conclusion that meta-moderation is not a strong enough solution for this problem. Meta-moderation is great against mods who deliberately abuse their mod points, but it doesn't work so well against the no-regard-for-facts crowd, which is much larger by comparison. However, because a partial solution is superior to no solution at all in this case, I usually meta-moderate any chance I get and when doing so, I am swift to mark idiot moderations like this as "Unfair."
As to why the moderation is a shitty judgment call, I will give a hopefully adequate analogy: I do not blame Microsoft for producing half-ass products and profiting handsomely from it; I blame anyone who decides to reward their lack of quality with cold hard cash. By random chance, we ended up with an example of this named Microsoft, but there is an entire world full of people with situational ethics waiting to exploit any situation where shit gets rewarded. If Microsoft had not so effectively capitalized on this situation, rest assured that another player would have done so. It's a giant whack-a-mole game until you address the actual problem, which is the decline of the discriminating customer. Therefore, it makes no sense to blame the guy who points out the fact that the Slashdot editors have a mediocre command of the English language. If you must place blame, this would belong to the editors for having a mediocre command of the English language combined with the audacity to still refer to themselves as "editors" because once this is established, it becomes a predictable eventuality that a user who actually cares about quality will point out their shortcomings.
Incidentally, "Overrated" is a pansy-ass way to express your disapproval with a post, because it allows you to make a claim (that the post deserves a negative sanction) without even giving so much as a hint of reasoning explaining why.
It is a miracle that curiosity survives formal education. - Einstein
mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw
It's the most remarkable word I've ever seen!
mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw
I wish I knew exactly what I mean!
It starts out like an M word as anyone can see,
But somewhere in the middle it gets awful 4J to me!
mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw
If I ever find out just what this word can mean,
I'll be the smartest bird the world has ever seen!
Had to be said, karma be damned
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
(for exceptionally high values of 30.)
Well, that meta-theorem is kind of included in the idea that, with sufficient time and money, almost any cipher can be broken. And isn't the system necessarily open, since the extortionist must collect the money? This would, I suspect, be much easier to trace than the private key being delivered, which could just be a disc in an envelope sent via the postal service.
There is a major flaw with the whole ransomware idea and it is that they are actually the most benign kind of virus. They just encrypt your files instead of deleting them? If someone's information is important enough to be worth paying to recover, it should already have a backup copy.
Then the real problem for the hacker is getting the money without losing his secret identity
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
Maybe I am wrong, but I thought the Digital Millennium Copyright Act prohibited breaking any encryption and made it a crime to "attempt to circumvent protection". The anti-virus people reverse engineered the virus code, decompiled it, probably ran it under SoftICE and published the password for the whole world to see. Can the author of the virus sue these anti-virus people under DMCA for causing "irreparable financial harm"? And hold slashdot as an accomplice for aiding and abetting the dissemination of the cracking key?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
The CIA won't have a problem taking down an online pharmacy or two, they really hate it when people interfere with their drug trade anyway.
When confronted with this at a press conference, Mr Adams said "no one makes jokes in base 13". It is a coincidence.
(or so i've heard)
"he, who has quotes in his signature, is a douche" - unknown.
How do you write a jump instruction for my handmade bytecode-interpreted VM? And doesn't the CRC, which I run inlined tests of throughout my code, of the file change when you modify that instruction?
You have a full-blown hand-made bytecode interpreter now? Let me guess how this is gonna continue:
ME: I whip out my advanced lexical analyzer and break your bytecode into well laid out PDF specification
YOU: I point a laser gun at you, and it's loaded.
ME: Batman comes through the window to help me.
YOU: Superman makes a hole through the ceiling and comes to help me.
ME: Superman? What, we'll f*cking use Superman to break into encrypted files? At least Batman is ok with technology.
YOU: Batman is just a geek: strip the technology off and what remains is a middle-aged guy with obsession over flying mice.
ME: Bats are NOT MICE, DUH!!
The files aren't encrypted at all.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
You know why computer programmers get Thanksgiving and Christmas confused? Cuz OCT 31 == DEC 25.