New Ransomware Poses As A Windows Update

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background...

The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions.
While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."

Hardly news..

[dimethylxanthine]

Sounds like any other window update. Especially the one with the "Upgrade to Windows 10" popup... :D

Re: Hardly news..

Satya, is that you?

Re:Hardly news..

[K.+S.+Kyosuke]

That would be "New Windows update poses as ransomware", right?

Re: Hardly news..

[belthize]

I still struggle to understand the portion of the brain that drives tribalism. It gives rise to a long list of the rather irrational emotional responses of
- my sports team great your sports team bunch of cheating losers even though they're statistically identical.
- My religion good yours bad even though to an outside they're nearly indistinguishable except you spin clockwise rather than counter clockwise on alternate Tuesdays.
- My political party good yours bad even though neither is driven by anything other than the self interests of the party itself and their leaders.
- My OS good yours bad even though they're simply very complicated hammers for different nails.
- My race good your race bad even though genetically they're indistinguishable.

Some people simply seem to have a brain with stronger response wiring. From an evolutionary standpoint there's utility in having such varied response since it affects churn rate when two populations come into contact, still it'd be nice if we could tamp it down some, it's sliding from useful to dangerous in terms of utility.

Re: Hardly news..

[Applehu+Akbar]

There's another Unix-based operating system out there, you know.

Re: Hardly news..

How do you know it wasn't a Mac user??

Re: Hardly news..

I'd rather get fucked in the ass over and over again for days on end with a rusty knife

Yes, but you're quite used to that if you use Windows 10... At this point it's called a habit.

Re: Hardly news..

The only thing I hate more than ransomware is god damn sock puppets.

Re: Hardly news..

FreeBSD?

Re: Hardly news..

I'd rather get fucked in the ass over and over again for days on end with a rusty knife

Right this way sir. Your room is ready. I hope your experience is everything you expect it to be.

Re: Hardly news..

OS X, err... I mean macOS

Re: Hardly news..

So much edge, so much vulgarity, much surprise.

After decades of disgusting porn, animal cruelty, live-streamed murders, and people spreading their assholes open, THIS is what's going to get us. Good job, troll. I shall collect the tears of all the posters here and send them in a gift-wrapped tupperware container, just for you.

Re: Hardly news..

Sweet tourettes dude, how's that working out for you in mom's basement lol. In the real world, while windows has its obvious drawbacks, it keeps millions of us gainfully employed, love it, hate it, it still pays the bills

Re:Hardly news..

[StillAnonymous]

"New Microsoft Malware Poses as Operating System"

Re: Hardly news..

I'd rather get fucked in the ass over and over again for days on end with a rusty knife

Yes, it's obvious how that worked out for you. You have grown to like it. Good for you.

Re: Hardly news..

[Zontar+The+Mindless]

Do you really enjoy talking to yourself so very much?

Re: Hardly news..

[OneHundredAndTen]

Take your Valium and go back to sleep. You are not in any shape for this kind of stress.

Re: Hardly news..

[Cariset]

It's Kipling's law of the jungle, which reads the same forward and back:
"the pack is the strength of the wolf, and the wolf is the strength of the pack."

I think it's analogous to how we Earthlings don't just rely on abstract logic to reproduce our genes, but instead have strong, inbuilt, irrational urges that drag us in that direction whether our reason think it wise or not. We can work around it, we can rationalize our actions, but it's still lurking the in the bottoms of our brains.

Having a tribe that will join together to defend you is a huge deterrent to an attacker. Unless the atracker can manage to isolate their target and sever their social bonds. (E.g., abusive relationships, and the discussion of slavery in "Debt: the first 5000 years".)

Them's my two cents, anyway. :-)

Re:Hardly news..

Sounds like any other window update. Especially the one with the "Upgrade to Windows 10" popup... :D

Yeah, I was thinking much the same thing. How is this different from the real thing(TM)?

Re: Hardly news..

[runningduck]

Are you trying to draw a parallel between people who have a beef with Microsoft with racists?

- My OS good yours bad even though they're simply very complicated hammers for different nails.
People get frustrated because a monopoly power has a long history of poor design decisions and forcing users to apply "updates" that create more flaws which leads to unpreventable system compromises. Seems like a legitimate reason to hold a grudge to me.

- My race good your race bad even though genetically they're indistinguishable.
One race instills systematic impediments that create an uneven playing field holding back other races from equitably participating in the riches of our society. This is just wrong!

Re: Hardly news..

[ihtoit]

wow, that went sideways fast, huh?

Re: Hardly news..

[ihtoit]

oh, wow, ok, simple test: 1394 support. Windows 10? Only if you can get the legacy driver from xp to work. Linux? Plug it in and rock on.

When you have to plug in a curse every other word, you've already lost...

Re: Hardly news..

STFU little boy.

Re: Hardly news..

Back in June I installed Linux Mint 18. It was the most seamless, flawless OS installation I have ever had the pleasure of going through in my 39 years of computer use. It took 20 minutes and did not require me to manually install or configure anything. All hardware just worked "out of the box" and this was on a freaking laptop where you would normally expect to have to do a bit of driver setup and tweaking. Even sleep mode works fine, which is still a problem on many Windows computers. As an added bonus, it has a superior UI (Cinnamon) and doesn't come with built-in malware that Windows has.

I would say that Linux now has better hardware support than any version of Windows, or any other OS for that matter. With Valve also backing Linux, software developers are beginning to fall into line as evident by the drastic increase of Linux software on Steam. Wine has also come a long way and will run most Windows software perfectly. Also, Linux doesn't crash when I plug my ebook reader in.

Re: Hardly news..

Except Linux based operating systems are the most widely used in the world. You yourself required the use of multiple Linux systems just to throw your uneducated, childish tantrum.

Re: Hardly news..

It looks more like he was questioning why AC got so butthurt over facts.

Re: Hardly news..

[khelms]

Yes, but I came here for an argument!!

OH! Oh! I'm sorry! This is abuse!

Re:Hardly news..

Effectively yes. I had to fix one broken and aborted Windows10 "upgrade", which had removed the write-permission from user's home directory files. The system was so broken that even the Windows 7's own desktop failed to load. It goes without saying that this "upgrade" was started without permission.

Re: Hardly news..

No you didn't!

Re: Hardly news..

[Archangel+Michael]

Tribalism is based on Evolutionary group behavior. Humans cannot really survive well as individuals in an evolutionary setting.

You cannot nullify millions of years of evolution by simply willing it away. So, while you "struggle to understand", I don't struggle to understand, because it is easy to understand. It isn't an "irrational emotional response", it is bred into us, and is pure instinct, just like breading itself is.

The other option to this is that we are not millions of years old evolutionary creatures, but are a creation of a deity, much much younger. And as a creation, then we must argue over which creation story is correct, and thus begins the "tribalism" that occurs over such arguments.

Personally, I like to think that tribalism is neither good nor bad, but how things "are". My tribe (aka Family) exists, my choice of friends (alliances) extends my tribe. I get along with some other tribes, and I don't get along with some other tribes. It isn't binary, but often appears that way.

My particular view is also one of the reasons why I am a Libertarian. Because, as long as your tribe leaves my tribe alone, to live as we see fit, and I do the same, I really don't care what god you believe in, what OS you use, what race you are. The problem are those people who DO care what others believe, and do ... and demand that I follow their rules.

Re: Hardly news..

[Archangel+Michael]

One race instills systematic impediments that create an uneven playing field holding back other races from equitably participating in the riches of our society. This is just wrong!

You mean like the SF quarterback who is among the %01, raised by white parents when his black parents abandoned him, complaining about being "oppressed"?

IF there are systemic impediments that create an uneven playing field, it is by those who keep insisting that there are impediments even in the face of all the proof in the world that such things do not exist, because the belief is what is holding these people back.

Or, think of it this way, the whole DNC "you can't make it because rich white people are keeping you down and you need our (DNC) help" is patently offensive and racist. Partly because it is run by "rich white people" telling poor black people they need rich white people's help. If that isn't fucking racist, I don't know what is.

Re: Hardly news..

[belthize]

I get the evolutionary cause for tribalism, I mentioned it. I also understand the need for variance in tribal response since it effects churn rates.

What I struggle to understand is the variance and how to tackle it. When faced with somebody who has a strong tribal impulse most people's response is to simply ignore them or yell back louder, neither is effective.

One of the interesting (to me) changes in the past 20 years is the impact the internet has had on tribalism and 5 sigma personalities. 30 years ago people with very strong delusional or paranoid proclivities tended to be isolated. If they lived in a town of 100K they were unlikely to meet very many people who shared their views. Theoretically they could now link up with the set of all people who shared their views. It makes them much stronger forces since they can work in concert.

The internet is now enabling tribal linkages between individuals who historically would have been isolated given their deviation from norm.

Note, I'm not casting anything as good or bad, simply as 'is' (apologies to Bill for appropriating his word).

Re: Hardly news..

[Nunya666]

Are you trying to draw a parallel between people who have a beef with Microsoft with racists?

My OS good yours bad even though they're simply very complicated hammers for different nails.

People get frustrated because a monopoly power has a long history of poor design decisions and forcing users to apply "updates" that create more flaws which leads to unpreventable system compromises. Seems like a legitimate reason to hold a grudge to me.

This I agree with.

My race good your race bad even though genetically they're indistinguishable.

One race instills systematic impediments that create an uneven playing field holding back other races from equitably participating in the riches of our society. This is just wrong!

This is completely wrong. A race does not "instill systematic impediments" - individual people do that.

Note that I'm not trying to say that racism is good or bad. I'm just pointing out that your argument has no merit.

Re: Hardly news..

[runningduck]

"This is completely wrong. A race does not "instill systematic impediments" - individual people do that." OK, I stand corrected: individual of a specific race instill systematic impediments.

"Note that I'm not trying to say that racism is good or bad." I would hate for you to go out too far on such a moral limb.

Re: Hardly news..

[Archangel+Michael]

Gotcha.

The internet is creating links between people who otherwise wouldn't get those links in their own "local" tribe. The problem here is that technology we use to connect with others that we like (our tribes), is also used by people who connect up with people they like (their tribes). And while the internet has connected the world up, it is also caused us to disconnect from those around us.

The net positives (Progress) outweighs the negatives (previously isolated "nuts" are now forming their own tribes). You are one of those that simply wants those people to be isolated from the benefits of a globally connected world.

It allows ISIS to recruit and Doctors to collaborate. There is no solution that prevents bad things from happening, just a choice between which bad things are more acceptable. Again, this is part of why I am a Libertarian, you cannot prevent all bad things from happening, and liberty is best for everyone.

Re: Hardly news..

[belthize]

Interesting conversation though I think you're misconstruing my noting a characteristic as passing judgement on it.

In no way was I implying subjective good or bad net effect, just that it has a negative impact in some area. I personally believe the net effect is exceedingly positive but with it comes a rather interesting downside, driven by evolutionary tribal responses which predate the current environment by millions of years.

All in all I suspect we're in agreement.

Find'm, KIll'm

No reason people who create/operate this kind of stuff should not be hunted down and summarily executed.

Re:Find'm, KIll'm

[Applehu+Akbar]

No reason people who create/operate this kind of stuff should not be hunted down and summarily executed.

The FBI operates in all countries outside of ISIS territory now, and can be invoked to do your bidding so long as you can show that the ransomware violated someone's copyright.

Re:Find'm, KIll'm

[Opportunist]

You know, it's kinda funny that there's not yet a service where someone who knows that kind of trash would grab them, hang them from their toes and sell viewing rights to see them being tortured for a few hours.

Send 1 bitcoin and watch the ransomware asshole being sliced millimeter by millimeter, starting at the soles of their feet...

Why are unauthorized popups still a thing?

Seriously? Why is this allowed in modern web browsers? I haven't seen one in forever, though part of that may be my use of various addons like ad-blocks and No-Script.

It seems there's NO excuse at all, at ALL, for unauthorized pop-up windows nowadays.

Re:Why are unauthorized popups still a thing?

[Sigma+7]

Why are unauthorized popups still a thing?

The latest ones I encountered no longer do popups, but instead use Javascript to redirect the page to some third party website (or even a data:// url.)

Not technically popups, but still something just as trivial.

Seriously? Why is this allowed in modern web browsers?

Perhaps some Netscape 2.0-4.x developer thought it was a good idea to automatically execute anything on an HTML page - despite the well known examples of viruses that try infecting every Dos program, or every boot sector.

And the folks in Redmond say,

[jenningsthecat]

"Get off my turf, punk!"

Vultures

I hate people who do this. If you can write software, you can have a comfortable life without doing shit like this. What a waste.

Re: Vultures

I agree

Re:Vultures

[sbjornda]

To a adolescent brain

I don't think you understand the business model. These are not "script kiddies" (they don't exist any more). This is organized crime.

I was only 50th percentile.... I hated school. After the first 5 minutes of any given lecture, I could have taught the damn course.

This does not compute. Your professors didn't get where they were by being 50th percentile as undergrads.

--
.nosig

Re:Vultures

Depends on what country he is referring to. What he/she says is not true in the US. If he is living the US, his difficulties stem more from his attitude and personality than from lack of credentials. There are many ways to get a foot in the door, but most involve dealing with people, and his personality is a huge disadvantage there.

Re:Vultures

Take a look at geoskd's reply. Someone with a personality like that is going to have a very hard time having a comfortable life, regardless of his software skills.

Re:Vultures

Being unable to find work after the dot-com bust was difficult for anyone, it was a symptom of the economic downturn. That said, I can't understand how someone who "could have taught the course after the first 5 minutes of any given lecture" could be a 50th-percentile student.

Re:Vultures

So true, it is much easier to simple do what you are told and to make sure that you get it in writing from your manager.

Manager says "The customer is always right! So if the customer opens a ticket that says reboot the server, you reboot the server! You dont argue with the customer."

I get it in email, then at end of year when the sales guy opens a ticket saying "Reboot XXXXX Server, it is running slow" and XXXXX server is the main SAP accounting server. I reboot the server and screw the companies end of year reporting. When the shit hits the fan, I make sure that email from my manager is given to the CFO as well as the CIO.

Don't fight managers, just do what you are told. The rest will sort it self out. :P

Re:Vultures

Not without credentials you can't, and in this country, going to college to get those credentials is a huge financial burden, and upon graduation, people can expect to face severe wage stagnation, growing competition from temporary foreign workers, and a hiring structure that makes it difficult for anyone except the top 10% to even get an interview most places.

I work as a software engineer in the US, and I only have a high school diploma. In fact I am the lead on my team in a company of 6000 people.

Re:Vultures

[ihtoit]

corporate Darwinism at its best, right there. :)

Re:Vultures

Not without credentials you can't,

Write an app that earns money. Write a few more. Now you're hireable as a sw developer - the credential being how you're already earning good money on sw.

So how do we expose ourselves to the threat?

TFA misses the most important part of the story. What is it we might do that exposes us to this malware?

(Apart from running Windows that is)

As far as I know my browser cannot access my files so nothing on the web I click on can cause this problem. In theory.

If there is a buggy browser that allows this I want to know which it is.

Anyone have a link to the ransomware site?
 

Win10 has obligatory auto updates, no?

So within a few minutes everyone'll have updated AV definitions, won't they?

Re:Win10 has obligatory auto updates, no?

AV won't stop idiots clicking "OK" on an OS designed by/for idiots.

Re:Win10 has obligatory auto updates, no?

AV *will* stop idiots clicking "OK". The "OK" dialog is the normal behavior without AV. If your AV doesn't kick in when you click OK to install malware, or doesn't block the dialog from appearing in the first place, then your AV is not doing anything.

Re:Win10 has obligatory auto updates, no?

Why is "OK" an option on something identified as a virus?

Anything that risky should require a series of interactive command line overrides and registry edits.

'Once a user decides to apply the update'

Does your browser not allow you to download executable software from the internet and then choose to run it? That's what's happening here. People are dumb enough to say "oh this web page says I MUST download something and then click through all the warnings telling me I'm about to run software from the internet, but since I'm a total dumb ass I'm going to do just that anyway." No clever exploits needed (other than navigating to the bullshit warning page in the first place).

Re:'Once a user decides to apply the update'

Why yes it does.

But haven't we had two decades to learn not to do that?

Or perhaps if people still do that, perhaps browsers should not make it so easy. Like, not do it.

As it happens I do download code from the net with a browser. Generally I only do so from web sites I have a little trust in. Say nodejs.org. Even then I have to do some work to unpack and install it. Like become root, put the stuff on my PATH and so on.

That is not fool proof of course. Who knows if such "trusted"providers have not been compromised.

But then, everything on my machines of any importance is replicated in many places. github, bitbucket, dropbox, my other machines. If anyone gets to encrypt files on this machine and ask for money it can all be wiped and a new OS installed in minutes.

Even that is not ultimately safe. But I invite anyone to try their luck.

Re: 'Once a user decides to apply the update'

Your invitation rings hallow mr anon. Perhaps if we had your IP address we can show you the errors of your ways.

Re:'Once a user decides to apply the update'

The scary ransomwarez which are showing up randomly encrypt one file here, one file there.
Also hiding the encryption by making the key available to you.

Then, several months later, it has spread to your backup.

Then they recall the key.

Have fun coming back from that.

Backups

This is what backups are for.

Whew!

Glad I already stopped downloading Windows updates! Yes, this bad.

Re:Whew!

It's still less damaging than the recent windows updates.

You have it backwards

Swap windows update and ransomware.

Headline wrong

Should be "New Windows Update Poses As Ransomware"

Which attack vector? Drive by website? Email?

[ziani]

That would seem to be important, no?
Thanks.

P.s. TFA does not specify.

Re:Which attack vector? Drive by website? Email?

There's already a thread about this. No need to start a new one.

Re:Which attack vector? Drive by website? Email?

[lytlebill]

Looks like a standalone executable, from this article on Bleepingcomputer:

http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/

Re:Which attack vector? Drive by website? Email?

[ziani]

Thank you!

But I thougt...

Windows Update itself is malware?

Re:But I thougt...

[Opportunist]

No, c'mon, stop the propaganda. Windows is very well capable of this feat even without any updates!

Game changer?

[manu0601]

Is it a game changer? Previously, ransomwares were encrypting your files silently in the background, and now it does the same while displaying a Windows update box. No big change.

Ironically,

[God+of+Lemmings]

It only forces you to pay once, while the actual windows 10 update forces you to pay continually.

Well the good news is...

[The_Revelation]

Anyone affected has a pretty good case to have Microsoft reimburse them for any losses - after all, MS has been using these exact same tactics for the past year, so at this stage, users won't hesitate to run anything MS sends them - particularly if it carries the promise of finally fixing some of these game-breaking bugs that have been thrust upon us my our most gracious overlords at Microsoft - also, Windows 10 is SO secure, it would never let the cryptolocker run - and certainly not in the background.

Re:mod doIwn

If you don't know how to translate your vernacular into English, try to ask someone on facebook to translate it for you. My brain almost short circuited after reading your post.

captcha check for this post was funny: resistor

CTRL-F4?

You mean ALT-F4?