Inside a Ransomware Money Machine
tsu doh nimh writes "The FBI is warning that it's getting inundated with complaints from people taken in by ransomware scams that spoof the FBI and try to scare people into paying 'fines' in lieu of going to jail for having downloaded kiddie porn or pirated content. KrebsOnSecurity.com looks inside a few of the scams in the FBI alert, and it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while."
Scams are only effective if they appear to be true. Would it surprise anyone for the FBI to essentially take bribes (fines) over fake criminal charges?
sudo make me a sandwich
My buddy got one of those from watching waaaaayy too much porn, and actually called the FBI who told him it was a virus.
What it does is lock your screen with an FBI logo and official-looking message, even displaying the output from the webcam if there is one, saying that unless the mark pays $200 or so using a Bitcoin-like form of payment one can get at convenience stores, the user will be arrested for downloading CP and/or "copyrighted material." Certain keys are locked, obviously, so you can't do the 3-finger salute and kill it with the task manager.
A boot into safe mode and a little MsConfig was enough to fix, though not remove, the malware.
-- Ethanol-fueled
It should all be considered a scam when someone says pay up or I'll take you to court/press charges/sue/threatens you.
Be seeing you...
The best defenses against scams are still the same:
1. Knowing your right to due process, and
2. Knowing proper spelling and grammar in your native language.
I'm continually dismayed that large numbers of people (possessing enough intelligence to use a web browser) don't realize that the FBI using email or popups to demand summary payment of "fines" without due process is implausible and illegal.
Gamingmuseum.com: Give your 3D accelerator a rest.
Step 1
Find out which binary is running that provides the ransomware message. Rename it. View the hex code and see if it connects to other files or registry entries. Keep searching and identifying the malware parts.
Step 2
Rename, Delete
Step 3
Get a scan from the free online scanners.
Keep deleting until the ransomware and all worms and viruses are gone
Step 4
Use D7
This stuff happens cause people don't understand how to use their Operating System.
It's the education, stupid. That's not to say you never make a mistake once every 5 or 10 years and accidentally delete your partition while partitioning something else. Or you actually run a worm'd up binary. It happens, I have no ego here, EVEN I screw up occasionally. However, the difference is I head off to Step 1 above.
Actually writing the FBI for help? Very stupid.
Poor Hoover must be spinning in his bustier.
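The "find out which binary is running and whether it hooks into registry entries" step above is the one most people get stuck on. What follows is an added example for this thread, not code from any poster: it triages a `reg export` dump of a Run key (the kind you would pull from safe mode), parses the .reg format, extracts the launched program from each command line, and flags entries that start from user-writable locations (Temp, Roaming AppData, ProgramData), run through a script host or LOLBin, or carry a random-looking value name. The sample .reg text and the heuristics are constructed for the example; they are heuristics only, which is why a legitimate OneDrive entry under AppData\Local is deliberately not flagged.

```python
"""Triage Windows Run-key autoruns from a `reg export` dump.

Added example for this thread, not from any poster. The .reg text below is
constructed, and the suspicious-location rules are assumptions/heuristics.
"""
import re

# Constructed sample shaped like the output of:
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"
"skynet"="C:\\Users\\bob\\AppData\\Roaming\\skynet\\skynet.exe"
"x7fh2k"="\"C:\\Users\\bob\\AppData\\Local\\Temp\\x7fh2k.exe\" -s"
"wscript"="wscript.exe //B C:\\ProgramData\\update.vbs"
'''

# "Name"="Value" lines of a .reg file (REG_SZ values only).
REG_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')

# Locations an installer rarely uses for an autorun but droppers love (heuristic).
USER_WRITABLE = [
    ('\\appdata\\local\\temp\\', 'runs from Temp'),
    ('\\appdata\\roaming\\', 'runs from Roaming AppData'),
    ('\\programdata\\', 'runs from ProgramData'),
    ('\\users\\public\\', 'runs from Users\\Public'),
]
# Script hosts and LOLBins that only show up in a Run key with a payload argument.
SCRIPT_HOSTS = {'wscript.exe', 'cscript.exe', 'mshta.exe', 'rundll32.exe',
                'regsvr32.exe', 'powershell.exe', 'cmd.exe'}
# Five-plus alphanumerics mixing letters and digits, e.g. "x7fh2k" (heuristic).
RANDOM_NAME = re.compile(r'^(?=.*\d)(?=.*[a-z])[a-z0-9]{5,}$', re.IGNORECASE)


def unescape_reg(value):
    # Undo .reg escaping: a backslash-backslash pair and a backslash-quote pair
    # each collapse to the second character.
    return re.sub(r'\\(.)', r'\1', value)


def parse_run_entries(reg_text):
    """Return [(value_name, command_line)] for every REG_SZ line in the dump."""
    entries = []
    for line in reg_text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            entries.append((m.group('name'), unescape_reg(m.group('value'))))
    return entries


def command_path(command):
    """Extract the launched program from a command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ''


def triage_autoruns(reg_text):
    """Flag Run-key entries worth a closer look; returns a list of findings."""
    findings = []
    for name, command in parse_run_entries(reg_text):
        path = command_path(command)
        lowered = command.lower()        # whole line, so a payload argument counts too
        reasons = [why for fragment, why in USER_WRITABLE if fragment in lowered]
        if path.lower().rsplit('\\', 1)[-1] in SCRIPT_HOSTS:
            reasons.append('script/LOLBin host')
        if RANDOM_NAME.match(name):
            reasons.append('random-looking name')
        if reasons:
            findings.append({'name': name, 'path': path, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in triage_autoruns(SAMPLE_REG):
        print(f"{finding['name']:10} {finding['path']}  <- {', '.join(finding['reasons'])}")
```

Run keys are only one of many persistence points (services, scheduled tasks, Winlogon, browser helper objects), so treat a clean result here as one data point, not a verdict; the same parser works on an export of any other key that stores command lines.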
Isn't this about the same percentage as any spam campaign? That's pretty much why it's still profitable.
Though, you'd think that most people would realize that law enforcement doesn't simply send you an email demanding you pay a fine or face criminal charges -- there really isn't that option as far as I know. Well, at least not in all countries.
Lost at C:>. Found at C.
once you have the mattress home it is legal for you to remove the tag but after that you can't resell the mattress.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Just a horrible observation: this has seriously gotten out of hand and it is getting worse. Twenty years ago there were only a limited number of known viruses, so the identity definitions/checksums of all of them could have fit in a single database file small enough for a single floppy disk. Nowadays the combination of complicated operating systems with weak security, security bugs in internet software, and an abundance of poor programmers in 3rd-world countries willing to sell their code of ethics, morals and their mother for two thousand dollars per exploit makes it virtually impossible for anti-virus companies to maintain a product and database that keeps these off.
In my experience, my customers in most cases were duped into downloading these pieces of thiefware. My personal thought back then was "I wish I could lock this computer in a read-only state so that they cannot do absolutely anything stupid except turn it on, browse, and turn it back off."
In light of this, there must be a new way of conducting Internet browsing and software management on local computers. My personal thought was a fully read-only operating environment periodically verified with a full checksum for its integrity, on which any software updates or new software installs are simply impossible, or new installs are allowed based on reputation scores of such software.
But seriously, are there any schemes or research out there that has been working on the topic of creating a managed secure environment for average consumers?
Several commenters have asked why anyone would fall for this – after all, US law enforcement agencies generally don't just shake people down for cash. But there are two real-world situations the average person might have dealt with that are somewhat analogous to this.
One is traffic tickets: In most cases, drivers are given the option to simply pay the fine without having to go to court. You can have a full hearing if you want, but most people just pay the fine.
The other is the legal threats against BitTorrent users, the ones where the MAFIAA sends out letters demanding that the person whose account the activity was conducted from either must pay $1000 or some similar amount immediately, or face a lawsuit for significantly more.
Now, there are definitely some legal differences there: a traffic infraction is a "summary offense" that doesn't carry the threat of jail time, and the MAFIAA lawsuits are civil cases, not criminal. But most people don't understand these subtleties: to many of them, any scary-sounding authority figure saying "Pay up" is the same thing. Heck, the Milgram experiment showed that you could have regular people deliver "fatal" electric shocks just by having a guy in a white lab coat tell them they had to.
So, the scam message is delivered in the local (non-English) language with the local police authority's logo, but some of them have a "Federal Computer Crime Unit" or similar in English!
I'm surprised there isn't more ransomware that turns your webcam on, perhaps catching you in something you'd rather not have on the interwebs, and blackmails you with that.
I'm not a lawyer, but I play one on the Internet. Blog
...and it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while
You mean to say that if I demand that a hundred people each send me a lot of money, and one to three of them do... those one to three people are going to... send me a lot of money?? (Is this that "math" thing I've heard so much about?! :p)
The difference between blackmail and settlement is that blackmail requires the threat of doing something ILLEGAL if the demands are not met. Whereas, a settlement offer is the forbearance of a LEGAL right if the demands are met. If someone didn't pay me for my work, for instance, I can send a demand letter asking that he pay me or I will sue him for the money, which is a legal right I have. If I demand money or I will shoot him, that's blackmail.
The boundary is close when it comes to porno cases. What if the right to sue is clear cut (the Copyright Laws clearly prohibit downloading the material) but the real damage is the damage to reputation? That becomes closer to the situation of, "Give me money or I'll release this sex tape you made" or "Give me money or I'll tell the world about our love baby."
A NYC lawyer blogs. http://www.chuangblog.com/
" If I demand money or I will shoot him, that's blackmail."
No, that's extortion.
Blackmail would be threatening to tell your wife about your mistress. Blackmail can include things you would otherwise be perfectly legally allowed to do.
You may have every legal right to expose the trips made to a bathhouse by a homophobic republican senator but if you demand money from him in exchange for *not* revealing that secret, that's illegal.
I don't know about your country, but in mine, suing someone despite knowing very well that your chances of winning are zero with the intent of browbeating the person sued into submission due to him not knowing the legal system and not being able to afford adequate legal representation IS actually illegal.
It's called a frivolous lawsuit and if you are a lawyer and tend to do such things too often, I hope you have a plan B for your time after being disbarred.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If the people watching kiddie porn end up scammed, I say it's cool!
You've never been to Mexico?
going to jail for having downloaded kiddie porn or pirated content
Is anyone else disturbed that they're putting the two together?
It is funny that this gets released right after the FBI gets informed that they had a person who works for the US planting evidence and destroying easy access to the hard drive first - so what does the average IT person do with a hard drive keep it around for fear of data actually being recovered
Poor Adrian Moser from 2203 9th Ave, Apt 3 (it is an L shaped building) he got caught planting evidence and was sanctioned the bastard was video taped even god I wonder how much damage that would cause the United States if that Video Tape was released after his confession of who he worked for was released - damn the US is getting more and more incompetent in the IT department...
Say I hear there is going to be a massive leak about the whole chemical (as in computers who process information through the use of chemical reactions) computer network - point to Wright Patterson AFB - I am sure I can point to a college in "P"oduck WV that recently got 3 new buildings because the US is trying to locate a rogue chemical computer hidden on the grounds... it would really suck if the bad guys got ahold of it...
Got a few of these emails as well. Besides the dubious command (?) of the language there was also the minor detail of the source address. The ones I got were from places like 'aol' or 'hotmail' -- which seemed an unlikely source for a government message of any sort. Then the (snicker, snicker) demand that one open the attached file to read the charges... oh, please! The last one had a faked 'gov' address (it didn't agree with the routing info in the email itself) but they never fixed the language flaws. Pathetic. I cannot imagine anyone responding... at least not anyone I would be interested in associating with...
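The checks in the comment above (a From: address that does not agree with the routing information, and a "read the attached file" lure) can be mechanised with nothing but Python's standard `email` module. This is an added example, not code from the commenter: it compares the From: domain with the Return-Path domain and with the earliest Received: hop, and flags risky attachment types. The raw message is constructed for the example (example.com/.net/.org hosts and the spoofed FBI From: the thread is about), and the RISKY_EXTENSIONS list is this example's own assumption.

```python
"""Header and attachment checks for a "pay the fine" scam email.

Added example, not from the comment above. The raw message is constructed
(example.com/.net/.org hosts; the spoofed From is the kind the thread is
about) and RISKY_EXTENSIONS is an assumption of this example.
"""
import re
from email import message_from_string, policy, utils

# Constructed message: freemail relay, spoofed From, executable "charges" attachment.
RAW_MESSAGE = """\
Received: from freemail-relay.example.net (unknown [198.51.100.77])
 by mx1.example.com with ESMTP; Mon, 13 Aug 2012 09:00:02 +0000
Received: from dynamic-192-0-2-10.example-isp.net (unknown [192.0.2.10])
 by freemail-relay.example.net with SMTP; Mon, 13 Aug 2012 08:59:50 +0000
Return-Path: <bulk-4421@example-freemail.net>
From: "Federal Bureau of Investigation" <notice@fbi.gov>
To: victim@example.com
Subject: Criminal charges - open the attached file
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

You must open the attached file to read the charges against you.
--b1
Content-Type: application/octet-stream; name="charges.pdf.exe"
Content-Disposition: attachment; filename="charges.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Assumed list for this example; tune it to what your mail filter already strips.
RISKY_EXTENSIONS = ('.exe', '.scr', '.pif', '.com', '.bat', '.cmd',
                    '.js', '.vbs', '.jar', '.zip', '.rar')


def header_domain(header_value):
    """Domain part of the first address in a From:/Return-Path: style header."""
    _, address = utils.parseaddr(str(header_value))
    return address.rsplit('@', 1)[-1].lower() if '@' in address else ''


def originating_hop(received_headers):
    """Host named in the earliest Received: header. Each MTA prepends its own,
    so the last one in the list is closest to the real sender. Only the hops
    your own servers added are trustworthy; a sender can forge earlier ones."""
    if not received_headers:
        return ''
    match = re.search(r'\bfrom\s+([\w.-]+)', str(received_headers[-1]))
    return match.group(1).lower() if match else ''


def triage_message(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = header_domain(msg.get('From', ''))
    return_path_domain = header_domain(msg.get('Return-Path', ''))
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f'Return-Path domain {return_path_domain} '
                        f'differs from From domain {from_domain}')
    hop = originating_hop(msg.get_all('Received', []))
    if hop and from_domain and not (hop == from_domain or hop.endswith('.' + from_domain)):
        findings.append(f'earliest Received hop {hop} is outside {from_domain}')
    for part in msg.iter_attachments():
        filename = (part.get_filename() or '').lower()
        if filename.endswith(RISKY_EXTENSIONS):
            findings.append(f'risky attachment {filename}')
    return findings


if __name__ == '__main__':
    for finding in triage_message(RAW_MESSAGE):
        print('-', finding)
```

A mismatch between From: and Return-Path is normal for mailing lists and some bulk senders, so on its own it is a weak signal; the combination of a government From: domain, a consumer relay as the first hop, and an executable attachment is what makes the verdict easy here.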
The last two examples you made are otherwise legal actions. It is perfectly legal for a woman to name the father of her child. It is not legal to demand money not to.
It could be argued that a settlement is a payment of actual damages to make the would be plaintiff whole without need for court whereas blackmail is simply for unjust enrichment. However, at some point (such as the RIAA suits) the merits of the case against the defendant fall so low that it becomes indistinguishable from an extortion racket. Further, the payments are documented to not find their way back to the allegedly damaged party, so there is no making whole. But note that the RIAA isn't up on racketeering charges.
The sad thing is that through uncontrolled legal costs, complete lack of a bullshit filter before those costs kick in, and capriciousness our 'justice' system so perfectly backstops blackmail every day.
Off-Topic Ad Hominem attacks aren't disproving my points:
"Not because you're a huge jerk. Which you've clearly proven that you are. " - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
This "huge jerk" put up material that actually WORKS vs. ZEUS & its variants...
Have you? No.
---
"I see you complain about people being out to get you and treating you poorly. " - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
No, I am just asking that whoever (you) downmodded my posts make it valid by JUSTIFYING WHY (and not for the bullshit you spouted here) on computing technical reasons...
(There's NO WAY you can, because what I posted stalls out Zeus & its variants... period!)
---
"I thought about downmodding you because you repost the same stuff over and over and over. " - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
Again - stuff that ACTUALLY WORKS vs. Zeus & other botnets...
---
"In this particular discussion the crap you post is *marginally* on topic, so I left it alone. " - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
Marginally? It works to STALL OUT Zeus & its variant botnets... period. You "left it alone" my ass - you downmodded it, and for NO GOOD REASONS (like proving my points wrong).
You can't prove them wrong: You know it, I KNOW IT, & everyone/anyone else reading here, knows it. Period...
---
"The thousand (two thousand?) word posts you spew generally contain dozens of links to the same information over and over again. Then you *repeat* that information in the same post. " - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
That WORKS against this botnet, thus it's on topic (unlike the crap you're spouting here)...
---
"I don't know you APK and have nothing personal against you. I have learned to ignore you -- not because I don't like you or think you're an idiot, but because you don't seem to add anything useful to discussions. " - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
Nothing useful? Sorry - but what I put up earlier is ONE HELL OF A LOT MORE USEFUL than the crap I am responding to NOW from you...
---
"Have you ever considered that you might be provoking that reaction? " - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
Yea, from 1 of 3 kinds of people only:
---
1.) Malware makers/Botnet herders-masters (for obvious reasons - using custom hosts files mess up their bogus machinations)
2.) Advertisers (who rob you of CPU cycles, RAM, & other forms of I/O + electricity, via adbanners, as well as screen real-estate viewable)
3.) Webmasters (disgruntled over losing banner ad views - well, pay more attention to what your site's showing, because many have been INFESTED with malicious code)
---
"I personally didn't downmod you" - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
Ahem: (cough)"BULLSHIT"(cough)
---
"I'm not all that surprised that someone did." - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
Oh, of COURSE not, considering you're PROJECTING YOU DID!
---
"I thought about downmodding you too." - by Anonymous Coward on Wednesday August 15, @02:10PM (#40999325)
Ahem: (cough)"BULLSHIT"(cough) - you're merely "projecting" that you actually did...
---
"I realize that you'll most likely just write me off as someone that's out to get you, but I write this in the hope that one day you'll stop re
They can't disprove it apk. You're right that it works against zeus botnet families. They know it too and are probably the 3 types you suspect that hate hosts files in advertisers, botnet makers, and webmasters. They don't want others knowing it for various reasons.
They can't disprove it apk. You're right it works against zeus botnet families. They know it and are the 3 types you suspect that hate hosts files in advertisers, botnet makers, and webmasters. They don't want others knowing about custom hosts files for various reasons you stated.
"Hit & run" downmods to my post? Justify it on computing tech grounds (as in mistakes I may have made (none))... because SO far?
* Face it - You have NO real reasons to downmod me... well, unless you're 1 of 3 types of people:
---
1.) Malware makers/Botnet herders-masters (for obvious reasons - using custom hosts files mess up their bogus machinations)
2.) Advertisers (who rob you of CPU cycles, RAM, & other forms of I/O + electricity AND SPEED/BANDWIDTH ONLINE - All via adbanners, as well as screen real-estate viewable)
3.) Webmasters (disgruntled over losing banner ad views - well, pay more attention to what your site's showing, because many have been INFESTED with malicious code)
---
NO questions asked...
APK
P.S.=> So, IF/WHEN all you have are bogus "hit & run" downmods of my posts? You make MY point just above, for me... thank-you!
... apk/b
Exactly so. Those scumbag moderators! I bet they have meetings every week to see how they can screw with you APK. I think you should contact the FBI and local law enforcement as these moderator folks are totally trying to make your life a living hell.
I suggest you start by suing the owners of /. to get the names, email addresses and IP addresses of all the lowlifes who have ever modded you down. Then you can serve them with defamation lawsuits. Those nasty moderators. Who the hell do they think they are? My god -- you're APK for heaven's sake!
What is more, you should post on every thread about your amazing product because everyone should know all about it so they can protect themselves. Those criminals are really pressing hard because your software has them on the run. You should probably buy a gun to make sure they don't try anything physical.
Anyway, all I can say is that I admire and respect you for all you've done in the fields of IT and infosec. Without you, we'd be at the mercy of those criminal scumbags! Kudos to you APK!!!
--BFJ
Yes, it's illegal, on paper. However, in order to do anything meaningful about it, the victim would need to be able to take you to court. Among other things, that effectively means he'd have to be able to afford a lawyer. Additionally, it can be rather difficult to demonstrate to the court that the offender _knew_ he wouldn't win the suit and _intended_ to nonetheless force a settlement to which he was not entitled.
To actually provide the populace at large with effective protection against this kind of abuse of the legal system, all plaintiffs in civil suits would need to be required to pay the defendant's legal fees. (They could then recover their loss if and only if they win the suit.)
The problem with that, of course, is that most people would no longer be able to afford to enforce their legal rights by filing lawsuits. Thus, instead of allowing the courts to be abused to harass the innocent, you're now effectively denying justice by preventing the courts from being used correctly.
It's a thorny problem. There's no perfect solution.
Cut that out, or I will ship you to Norilsk in a box.
Based SOLELY on computing grounds in some mistakes I made? The rest is utter bullshit.
APK
P.S.=> When I see downmods of my posts, or those of others, that aren't based on the subject @ hand (in this case, the Zeus botnet family, which I SHOW how to "nullify" it easily using custom hosts + firewalls rules tables)?
I know they're utter bullshit!
They're usually from someone that just doesn't *like* someone else (which is usually the result of getting their ass kicked time & again by the person they're down moderating, which is their ONLY "effete retaliation" they can hide behind, like a wench might... lol!).
This is WHY the /. moderation system needs a "fix", so you can confront such "courageous lads" (not) that "hit & run" downmod on bullshit reasons... just to shame their stupid ass!
... apk
That's why it's so important that you keep posting about your revolutionary product! Those loser moderators have no shame! Also, it's important to take legal action against these jerks. I propose we set up an APK anti-defamation legal fund to raise money so we can make these bloodsuckers pay!
"That's why it's so important that you keep posting about your revolutionary product!" - by Anonymous Coward on Wednesday August 15, @05:23PM (#41001939)
See subject: It's just something that makes something IMPOSSIBLE (deduplication/normalization), possible!
Easily GUI possible, in the dedup/normalize of 1,000's to MILLIONS of known bad sites-servers/hosts-domains that house & host up malicious content!
Trust me on this subject:
I know, I went thru YEARS (my 1st years building up a custom hosts file vs. malicious sites + banner ads & bogus DNS servers as well as botnet C&C servers) doing it manually... was impossible to keep up on.
Then, I used MS-Access to perform the dedup/normalization, but it wouldn't haul in the data...
So, hence, why I built an EASY-TO-USE "GUI" model of it.
The same (almost) can be done with *NIX shell scripts or languages like Python (my nephew & I built such a tool in the latter in fact a couple years back - he did the broad strokes, I added in err-trapping & 'niceties'... was 'ok' but not what folks want & use, today: GUI!).
APK
P.S.=> To the rest of what you wrote? Well, I am not sure I agree on some of it:
"Those loser moderators have no shame!" - by Anonymous Coward on Wednesday August 15, @05:23PM (#41001939)
Thing is, I don't *think* it's the mods here (it's trolls with mod points & multiple registered 'luser' accounts)...
That is, unless the mods are paid by "geeknet" who MIGHT not like the fact I block out ad banners (which IS part of their income I am sure).
Tough cookies!
See - banner ads have been infected/infested many times with malicious script, they rob bandwidth/speed & electricity I pay for (CPU cycles, RAM, & other forms of I/O) so... there you are.
My ca$h, and YOURS as the user constituency here, comes first!
---
"Also, it's important to take legal action against these jerks" - by Anonymous Coward on Wednesday August 15, @05:23PM (#41001939)
Ahem: No, that's not necessary - what IS NECESSARY, however, is a fix to the moderation system here so one has the RIGHT to confront those who do "hit & run" downmods based on utter bullshit & NO TECHNICAL INFORMATION BASED ON THE TOPIC @ HAND!
Fact is, imo @ least? It's the 1 thing WRONG with /. ... other than flocks of trolling scum.
---
"I propose we set up an APK anti-defamation legal fund to raise money so we can make these bloodsuckers pay!" - by Anonymous Coward on Wednesday August 15, @05:23PM (#41001939)
Again - not needed: It's impossible for them to "defame" me, since I use nothing but facts for the topic @ hand. What is needed, again, is a FIX to the moderation system here (so one can face detractors who "hit & run" downmod but offer NO reasons based on the topic @ hand, in this case computer tech info., & dust them)...
I truly DO understand that this site is "news for Nerds" but do YOU ALL HAVE TO ACT LIKE THAT (Nerds, worse than women, but that's the lives you've chosen, but it doesn't mean you have to live it 24x7 doing unjustifiable downmods like women might... lol!)
... apk
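The dedup/normalization the posts above keep coming back to (merging years of collected blocklists into one custom hosts file that blackholes ad, malware and botnet C&C names) is a small, well-defined job, and the poster notes it can be done in Python. The following is an added example in that spirit; it is not APK's tool and not code from this thread. It reads several sources in the formats such lists come in (hosts-format lines with a 127.0.0.1 or 0.0.0.0 sink, plain domain lists, comments, mixed case, trailing dots), normalizes and validates each hostname, refuses to block loopback names, dedupes while keeping first-seen order, and renders 0.0.0.0 entries. The two sources are constructed for the example and the PROTECTED set is this example's own choice.

```python
"""Merge blocklists into one deduplicated hosts file.

Added example in the spirit of the dedup/normalize discussion above; it is
not APK's tool nor any code from this thread. The two sources below are
constructed; the PROTECTED set is this example's own choice.
"""
import re

# Constructed sources in the formats such lists usually come in.
SOURCE_A = """\
# hosts-format list, 127.0.0.1 sink, mixed case, inline comment
127.0.0.1 localhost
127.0.0.1 Ads.Example.NET   # same host appears again below
0.0.0.0 tracker.example.com c2.botnet-example.org
0.0.0.0 ads.example.net
"""
SOURCE_B = """\
# plain domain list, trailing dot, junk line, invalid label
ads.example.net.
C2.botnet-example.org
not a hostname!
TRACKER.example.com
bad_host.example.org
"""

SINK_ADDRESSES = {'0.0.0.0', '127.0.0.1', '::1', '::'}
# Names that must never be blackholed by a blocklist.
PROTECTED = {'localhost', 'localhost.localdomain', 'local', 'broadcasthost',
             'ip6-localhost', 'ip6-loopback'}
# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
LABEL = re.compile(r'^(?!-)[a-z0-9-]{1,63}(?<!-)$')


def normalize_hostname(token):
    """Lower-case, strip the trailing dot, validate; None if not a usable hostname."""
    host = token.strip().lower().rstrip('.')
    if not host or len(host) > 253:
        return None
    return host if all(LABEL.match(label) for label in host.split('.')) else None


def hosts_in_line(line):
    """Hostname tokens from one line of a hosts-format or plain-domain list."""
    line = line.split('#', 1)[0].strip()        # drop comments
    if not line:
        return []
    parts = line.split()
    if parts[0] in SINK_ADDRESSES:
        return parts[1:]                         # hosts format: every name on the line
    if len(parts) == 1:
        return parts                             # plain domain list
    return []                                    # anything else is junk


def merge_blocklists(*sources):
    """Union of all sources, normalized and deduplicated, first-seen order kept."""
    seen, merged = set(), []
    for source in sources:
        for line in source.splitlines():
            for token in hosts_in_line(line):
                host = normalize_hostname(token)
                if host is None or host in PROTECTED or host in seen:
                    continue
                seen.add(host)
                merged.append(host)
    return merged


def render_hosts(hosts, sink='0.0.0.0'):
    """Render hosts-file lines; 0.0.0.0 avoids a real connect to a local listener."""
    return ''.join(f'{sink} {host}\n' for host in hosts)


if __name__ == '__main__':
    print(render_hosts(merge_blocklists(SOURCE_A, SOURCE_B)), end='')
```

Two caveats worth keeping in mind when relying on this. A hosts file only blocks by name: a bot that reaches its C&C by hard-coded IP, or by a generated domain that is not in any list yet, is unaffected, so pair it with the outbound firewall rules the posts mention rather than treating it as a substitute. And sinking to 0.0.0.0 rather than 127.0.0.1 avoids the connection attempt to a local listener; on Windows, a very large hosts file is known to slow the DNS Client service, which is why people who run them usually disable that service.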
LOL, man... whatever/to each his own (we don't see some stuff the same), & though you mean well (or are just feigning it to troll, seen it before, not original), mind you, ordinarily I don't judge - However?
Well, to be blunt about it?? I think you're a WEE bit "StRaNgE"... lol!
It's time for some tunes, & you've "set the tone" on that note (a musical one)... see below for details - especially the 2nd tune!
APK
P.S.=> Jim Morrison said it best -> http://www.youtube.com/watch?v=K3CHi_9sxj0 in these http://www.youtube.com/watch?v=boeCq8mSY5E ...
... apk
Senator XXX bathhouse tapes available on eBay.
Current bid: $1.00
Buy it now: $10,000
Have gnu, will travel.
http://it.slashdot.org/story/12/06/20/0424242/why-nigerian-scammers-say-theyre-from-nigeria
"According to research by Cormac Herley at Microsoft, scammers are looking for the most gullible people, and their crazy emails can help weed out people who are savvy enough to know better. "
Everyone above this line was either troll or trolled except "tsu doh nimh" which I'm pretty sure is this vietnamese gentleman's real name.
Given the feelings of most Americans, somebody with Kiddie porn is 'more deserving' of an early morning SWAT raid than most drug dealers.
Personally, I'm more the type of 'station a camera; visit the house when you go to work' type, if there's concern about possible violence. Then I pick you up at work.
SWAT style invasions will be saved for drug houses* that are effectively never unoccupied, and even then I'd probably wait until it's at 'minimum manning'. SWAT raids on fully occupied dwellings shall be saved for hostage/slave/abuse scenarios where human suffering is highly likely to be reduced if we go in *RIGHT NOW*.
*I'll note that even though I support the legalization of drugs, said legalization would involve moving distribution to legitimate channels, thus a few drug houses would still need to be busted.
I don't read AC A human right
I saw a special on this once. A group went around collecting any old mattress they could find, 'sanitized' it, sewed on a new cover, and resold it.
The problem was that their 'sanitization'* wasn't enough to stop bedbugs, and their cover wasn't impermeable to them. Most of the beds picked up were infested, and what ones weren't were often infested by contact with the other mattresses.
I can see a jurisdiction taking a look at the process and banning the business to try to stop the spread of lice/mites/bedbugs. As a moderate libertarian I think it's the wrong move, but I also believe that selling beds very likely to be infested, not warning buyers that they're likely to be infested, and engaging in essentially useless sanitization efforts to be criminal deception. Basically, if you're going to be sanitizing a bed, you'd better sanitize it. Bake it in a 200F oven for 3 days; subject it to a hard vacuum for 48 hours, whatever it takes. But that's expensive, and new mattresses don't cost much more; I could see it killing the business anyways.
*Which actually consisted of spraying it down with some sanitizer intended for hard surfaces that worked more like febreze than a proper bug killer.
very nice workaround :-D