Slashdot Mirror


New Ransomware Poses As A Windows Update (hothardware.com)

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background...

The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions.

While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."
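The summary's security point is that the "update" is a pop-up that drops and runs an executable, which is not how genuine Windows updates arrive (they come through the built-in Windows Update service, not a downloaded installer). The added PowerShell below is an example written for this page, not code from the Hot Hardware article or from AVG; it shows the check a defender or help desk would run on a suspicious file before trusting it: verify that the binary carries a valid Authenticode signature chaining to a Microsoft certificate and record its SHA-256 for triage. The function name and the sample path are hypothetical.

```powershell
# Added example (not from the article): decide whether a file that claims to be
# a Windows update is actually Authenticode-signed by Microsoft.
# Test-TrustedUpdateBinary is a hypothetical name chosen for this example.
function Test-TrustedUpdateBinary {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Built-in cmdlet. Status is 'Valid' only when the signature verifies and the
    # certificate chains to a trusted root; unsigned files report 'NotSigned'.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    $result = [ordered]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Trusted = $false
    }

    # Genuine Microsoft binaries are signed with a certificate whose subject
    # contains "O=Microsoft Corporation". A WindowsUpdate.exe dropped by a pop-up
    # that is unsigned, self-signed or signed by someone else fails this test.
    if ($sig.Status -eq 'Valid' -and
        $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation') {
        $result.Trusted = $true
    }

    [pscustomobject]$result
}

# Usage: the path is a placeholder for wherever the suspicious file landed.
Test-TrustedUpdateBinary -Path "$env:TEMP\WindowsUpdate.exe" | Format-List
```

A `Trusted` value of `$false` does not prove a file is malicious, only that it is not a Microsoft-signed binary, which is enough to refuse to run something that presents itself as a critical Windows update. The hash is there so the file can be reported or looked up without executing it.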

36 of 89 comments

  1. Hardly news.. by dimethylxanthine · · Score: 5, Funny

    Sounds like any other window update. Especially the one with the "Upgrade to Windows 10" popup... :D

    1. Re:Hardly news.. by K. S. Kyosuke · · Score: 1

      That would be "New Windows update poses as ransomware", right?

      --
      Ezekiel 23:20
    2. Re: Hardly news.. by belthize · · Score: 3, Insightful

      I still struggle to understand the portion of the brain that drives tribalism. It gives rise to a long list of the rather irrational emotional responses of
      - my sports team great your sports team bunch of cheating losers even though they're statistically identical.
      - My religion good yours bad even though to an outsider they're nearly indistinguishable except you spin clockwise rather than counter clockwise on alternate Tuesdays.
      - My political party good yours bad even though neither is driven by anything other than the self interests of the party itself and their leaders.
      - My OS good yours bad even though they're simply very complicated hammers for different nails.
      - My race good your race bad even though genetically they're indistinguishable.

      Some people simply seem to have a brain with stronger response wiring. From an evolutionary standpoint there's utility in having such varied response since it affects churn rate when two populations come into contact, still it'd be nice if we could tamp it down some, it's sliding from useful to dangerous in terms of utility.

    3. Re: Hardly news.. by Applehu Akbar · · Score: 1

      There's another Unix-based operating system out there, you know.

    4. Re: Hardly news.. by Anonymous Coward · · Score: 1, Funny

      I'd rather get fucked in the ass over and over again for days on end with a rusty knife

      Right this way sir. Your room is ready. I hope your experience is everything you expect it to be.

    5. Re:Hardly news.. by StillAnonymous · · Score: 1

      "New Microsoft Malware Poses as Operating System"

    6. Re: Hardly news.. by Zontar The Mindless · · Score: 1

      Do you really enjoy talking to yourself so very much?

      --
      Il n'y a pas de Planet B.
    7. Re: Hardly news.. by OneHundredAndTen · · Score: 1

      Take your Valium and go back to sleep. You are not in any shape for this kind of stress.

    8. Re: Hardly news.. by Cariset · · Score: 2

      It's Kipling's law of the jungle, which reads the same forward and back:
      "the pack is the strength of the wolf, and the wolf is the strength of the pack."

      I think it's analogous to how we Earthlings don't just rely on abstract logic to reproduce our genes, but instead have strong, inbuilt, irrational urges that drag us in that direction whether our reason thinks it wise or not. We can work around it, we can rationalize our actions, but it's still lurking in the bottoms of our brains.

      Having a tribe that will join together to defend you is a huge deterrent to an attacker. Unless the attacker can manage to isolate their target and sever their social bonds. (E.g., abusive relationships, and the discussion of slavery in "Debt: The First 5000 Years".)

      Them's my two cents, anyway. :-)

    9. Re: Hardly news.. by runningduck · · Score: 1

      Are you trying to draw a parallel between people who have a beef with Microsoft and racists?

      - My OS good yours bad even though they're simply very complicated hammers for different nails.
      People get frustrated because a monopoly power has a long history of poor design decisions and forcing users to apply "updates" that create more flaws which leads to unpreventable system compromises. Seems like a legitimate reason to hold a grudge to me.

      - My race good your race bad even though genetically they're indistinguishable.
      One race instills systematic impediments that create an uneven playing field holding back other races from equitably participating in the riches of our society. This is just wrong!

      --
      -rd
    10. Re: Hardly news.. by ihtoit · · Score: 1

      wow, that went sideways fast, huh?

      --
      Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
    11. Re: Hardly news.. by ihtoit · · Score: 1

      oh, wow, ok, simple test: 1394 support. Windows 10? Only if you can get the legacy driver from XP to work. Linux? Plug it in and rock on.

      When you have to plug in a curse every other word, you've already lost...

      --
      Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
    12. Re: Hardly news.. by Anonymous Coward · · Score: 1

      It looks more like he was questioning why AC got so butthurt over facts.

    13. Re: Hardly news.. by khelms · · Score: 1

      Yes, but I came here for an argument!!

      OH! Oh! I'm sorry! This is abuse!

    14. Re: Hardly news.. by Archangel Michael · · Score: 1

      One race instills systematic impediments that create an uneven playing field holding back other races from equitably participating in the riches of our society. This is just wrong!

      You mean like the SF quarterback who is among the 1%, raised by white parents when his black parents abandoned him, complaining about being "oppressed"?

      IF there are systemic impediments that create an uneven playing field, it is by those who keep insisting that there are impediments even in the face of all the proof in the world that such things do not exist, because the belief is what is holding these people back.

      Or, think of it this way, the whole DNC "you can't make it because rich white people are keeping you down and you need our (DNC) help" is patently offensive and racist. Partly because it is run by "rich white people" telling poor black people they need rich white people's help. If that isn't fucking racist, I don't know what is.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    15. Re: Hardly news.. by belthize · · Score: 1

      I get the evolutionary cause for tribalism, I mentioned it. I also understand the need for variance in tribal response since it affects churn rates.

      What I struggle to understand is the variance and how to tackle it. When faced with somebody who has a strong tribal impulse most people's response is to simply ignore them or yell back louder, neither is effective.

      One of the interesting (to me) changes in the past 20 years is the impact the internet has had on tribalism and 5 sigma personalities. 30 years ago people with very strong delusional or paranoid proclivities tended to be isolated. If they lived in a town of 100K they were unlikely to meet very many people who shared their views. Theoretically they could now link up with the set of all people who shared their views. It makes them much stronger forces since they can work in concert.

      The internet is now enabling tribal linkages between individuals who historically would have been isolated given their deviation from norm.

      Note, I'm not casting anything as good or bad, simply as 'is' (apologies to Bill for appropriating his word).

    16. Re: Hardly news.. by Nunya666 · · Score: 1

      Are you trying to draw a parallel between people who have a beef with Microsoft and racists?

      My OS good yours bad even though they're simply very complicated hammers for different nails.

      People get frustrated because a monopoly power has a long history of poor design decisions and forcing users to apply "updates" that create more flaws which leads to unpreventable system compromises. Seems like a legitimate reason to hold a grudge to me.

      This I agree with.

      My race good your race bad even though genetically they're indistinguishable.

      One race instills systematic impediments that create an uneven playing field holding back other races from equitably participating in the riches of our society. This is just wrong!

      This is completely wrong. A race does not "instill systematic impediments" - individual people do that.

      Note that I'm not trying to say that racism is good or bad. I'm just pointing out that your argument has no merit.

    17. Re: Hardly news.. by runningduck · · Score: 1

      "This is completely wrong. A race does not "instill systematic impediments" - individual people do that." OK, I stand corrected: individuals of a specific race instill systematic impediments.

      "Note that I'm not trying to say that racism is good or bad." I would hate for you to go out too far on such a moral limb.

      --
      -rd
    18. Re: Hardly news.. by Archangel Michael · · Score: 1

      Gotcha.

      The internet is creating links between people who otherwise wouldn't get those links in their own "local" tribe. The problem here is that the technology we use to connect with others that we like (our tribes) is also used by people who connect up with people they like (their tribes). And while the internet has connected the world up, it has also caused us to disconnect from those around us.

      The net positives (Progress) outweigh the negatives (previously isolated "nuts" are now forming their own tribes). You are one of those that simply wants those people to be isolated from the benefits of a globally connected world.

      It allows ISIS to recruit and Doctors to collaborate. There is no solution that prevents bad things from happening, just a choice between which bad things are more acceptable. Again, this is part of why I am a Libertarian, you cannot prevent all bad things from happening, and liberty is best for everyone.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    19. Re: Hardly news.. by belthize · · Score: 1

      Interesting conversation though I think you're misconstruing my noting a characteristic as passing judgement on it.

      In no way was I implying subjective good or bad net effect, just that it has a negative impact in some area. I personally believe the net effect is exceedingly positive but with it comes a rather interesting downside, driven by evolutionary tribal responses which predate the current environment by millions of years.

      All in all I suspect we're in agreement.

  2. Why are unauthorized popups still a thing? by Anonymous Coward · · Score: 1

    Seriously? Why is this allowed in modern web browsers? I haven't seen one in forever, though part of that may be my use of various addons like ad-blocks and No-Script.

    It seems there's NO excuse at all, at ALL, for unauthorized pop-up windows nowadays.

    1. Re:Why are unauthorized popups still a thing? by Sigma 7 · · Score: 3, Funny

      Why are unauthorized popups still a thing?

      The latest ones I encountered no longer do popups, but instead use JavaScript to redirect the page to some third party website (or even a data: URL.)

      Not technically popups, but still something just as trivial.

      Seriously? Why is this allowed in modern web browsers?

      Perhaps some Netscape 2.0-4.x developer thought it was a good idea to automatically execute anything on an HTML page - despite the well known examples of viruses that try infecting every DOS program, or every boot sector.

  3. And the folks in Redmond say, by jenningsthecat · · Score: 1

    "Get off my turf, punk!"

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
  4. Vultures by Anonymous Coward · · Score: 1, Insightful

    I hate people who do this. If you can write software, you can have a comfortable life without doing shit like this. What a waste.

    1. Re:Vultures by sbjornda · · Score: 4, Insightful

      To an adolescent brain

      I don't think you understand the business model. These are not "script kiddies" (they don't exist any more). This is organized crime.

      I was only 50th percentile.... I hated school. After the first 5 minutes of any given lecture, I could have taught the damn course.

      This does not compute. Your professors didn't get where they were by being 50th percentile as undergrads.

      --
      .nosig

    2. Re:Vultures by ihtoit · · Score: 1

      corporate Darwinism at its best, right there. :)

      --
      Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  5. So how do we expose ourselves to the threat? by Anonymous Coward · · Score: 1

    TFA misses the most important part of the story. What is it we might do that exposes us to this malware?

    (Apart from running Windows that is)

    As far as I know my browser cannot access my files so nothing on the web I click on can cause this problem. In theory.

    If there is a buggy browser that allows this I want to know which it is.

    Anyone have a link to the ransomware site?

  6. Re:Find'm, Kill'm by Applehu Akbar · · Score: 1

    No reason people who create/operate this kind of stuff should not be hunted down and summarily executed.

    The FBI operates in all countries outside of ISIS territory now, and can be invoked to do your bidding so long as you can show that the ransomware violated someone's copyright.

  7. Which attack vector? Drive by website? Email? by ziani · · Score: 1

    That would seem to be important, no?
    Thanks.

    P.s. TFA does not specify.

    1. Re:Which attack vector? Drive by website? Email? by lytlebill · · Score: 1
    2. Re:Which attack vector? Drive by website? Email? by ziani · · Score: 1

      Thank you!

  8. Re:Find'm, Kill'm by Opportunist · · Score: 1

    You know, it's kinda funny that there's not yet a service where someone who knows that kind of trash would grab them, hang them from their toes and sell viewing rights to see them being tortured for a few hours.

    Send 1 bitcoin and watch the ransomware asshole being sliced millimeter by millimeter, starting at the soles of their feet...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Re:But I thought... by Opportunist · · Score: 1

    No, c'mon, stop the propaganda. Windows is very well capable of this feat even without any updates!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Game changer? by manu0601 · · Score: 1

    Is it a game changer? Previously, ransomware was encrypting your files silently in the background, and now it does the same while displaying a Windows update box. No big change.

  11. Ironically, by God of Lemmings · · Score: 1

    It only forces you to pay once, while the actual Windows 10 update forces you to pay continually.

    --
    Non sequitur: Your facts are uncoordinated.
  12. Well the good news is... by The_Revelation · · Score: 1

    Anyone affected has a pretty good case to have Microsoft reimburse them for any losses - after all, MS has been using these exact same tactics for the past year, so at this stage, users won't hesitate to run anything MS sends them - particularly if it carries the promise of finally fixing some of these game-breaking bugs that have been thrust upon us by our most gracious overlords at Microsoft - also, Windows 10 is SO secure, it would never let the cryptolocker run - and certainly not in the background.