Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  

 
This topic comprises 2 pages: 1  2 
 
Topic: Yet another reason why people who use Internet Explorer are retards (ransom virus)
Brad Miller
Administrator

Posts: 17775
From: Plano, TX (36.2 miles NW of Rockwall)
Registered: May 99


 - posted 05-25-2005 09:03 PM

quote:
Trojan holds PC files for ransom
A unique new kind of malicious threat which locks up files on a PC then demands money in return for unlocking them has been identified.

The program, Trojan.Pgpcoder, installs itself on a vulnerable computer after users visit certain websites.

It exploits a known vulnerability in Microsoft's Internet Explorer (IE).

Net security firm Symantec said the program had not spread quickly, but was another example of rising criminal extortion activity on the net.

The malware - harmful software - was first identified by US net security firm Websense.

Ransom note

The program, once it installs itself unbeknown to a user, triggers the download of an encoder application which searches for common types of files on a computer and networked drives to encrypt.

When a file is encrypted, usually for security and privacy purposes, it can only be decrypted with specific instructions.

The trojan replaces a user's original files with locked up ones, so that they are inaccessible. It then leaves a "ransom note" in a text file.

Instructions to release the files are only handed over when a ransom fee is paid, according to Websense.

The electronic note left on the computer gives details of how to meet the demands via an online account.

"This attack is yet another indicator of the growing trend of criminals using technology for financial gain," said Kevin Hogan, senior manager at web security firm Symantec.

"This Trojan horse is certainly an example of using cryptography for malicious purposes.

"It is the equivalent of someone coming into your home, locking your valuables in a safe and refusing to give you the combination."

But because it is classed as a trojan, it does not send itself out to contacts that a user might have stored on a computer, like viruses. This limits its ability to spread around to high levels, "in the wild", said Symantec.

Computer users are urged to ensure their anti-virus and security software is up-to-date.




Joe Redifer
You need a beating today

Posts: 12859
From: Denver, Colorado
Registered: May 99


 - posted 05-25-2005 09:47 PM
People who use Internet Explorer should be stabbed in one of their eyeballs (their choice). What does that have to do with anything? Nothing at all. But still...


David Stambaugh
Film God

Posts: 4021
From: Eugene, Oregon
Registered: Jan 2002


 - posted 05-25-2005 09:52 PM
This particular IE vulnerability was fixed in July 2004. Systems that are kept updated should not be vulnerable to it.

Another story about this trojan

quote:
Trojans used for online extortion
Joris Evers
CNET News.com
May 25, 2005, 10:35 BST

In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information.

In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim's PC and mapped network drives, according to Websense. The program then drops a ransom note.

Even though this type of attack is not widespread at this point, Internet users should be aware of the threat, said Oliver Friedrichs, a senior manager at Symantec Security Response. "It is certainly concerning. This is the first time that we have seen cryptography used in this type of attack to hold your information hostage," he said.

"I would see this as the equivalent of somebody coming into your house, putting your valuables in a safe and not telling you the combination," Friedrichs said.

Researchers at Symantec have seen the malicious program used in the ransom attack. The "Trojan.Pgpcoder" searches a victim's hard disk drive for 15 common file types, including images and Microsoft Office files. It then encrypts the files, removes the originals and drops a note asking $200 (£109) for the encryption key, Friedrichs said.

A Websense customer fell victim to the attack. Luckily, in this case the encryption wasn't very sophisticated and Websense was able to decode the customer's files, said Dan Hubbard, senior director of security and research at Websense. "In this case we could help, but every variant can be different," he said.

Attackers could use email, a Web site, or other means to distribute the Trojan.Pgpcoder and launch a widespread extortion campaign, Symantec's Friedrichs said.

Websense, however, doesn't see a trend yet. Attackers leave a trail if they ask for money, Hubbard said: "This type of attack is not that difficult to perform. However, in order to collect money the attackers are leaving themselves open to investigation and tracing."

For protection, users should run security software and make sure that their software is patched, Websense and Symantec said. The Internet Explorer flaw exploited to attack the user in the Websense case was patched in July last year.

The Websense customer was victimised two weeks ago. The Web sites involved in the attack have since been taken down.

========================================

Firefox users should take note of this and make sure they've updated to v1.0.4.

quote:
A Black Eye for Firefox Security
by Preston Gralla
May. 10, 2005

Another day, another Firefox vulnerability.

Ho hum. It's starting to feel old hat.

But the way that Firefox has responded to the latest threat (and previous threats) has given those in charge of the browser a black eye.

First, consider the newest vulnerability. This time around, it's serious --- "extremely critical" because the flaw in Firefox and Mozilla could allow malicious code to be executed on someone's machine when they visit a Web site. As I write this, there's no complete fix, but Mozilla is working on the problem.

In the meantime, you can protect yourself by disabling JavaScript by choosing Tools-->Options-->Web Features, and unchecking the box next to "Enable JavaScript". You should also disable Firefox's software installation feature by going to the same screen and unchecking the box next to "Allow web sites to install software". When you're done, click OK.

The problem here is that if you visit the Firefox front page, you'll find not a single word about the vulnerability. No warning. No explanation of the security issue. No details on how to protect yourself. Nothing. If you want to find out about it, you'll have to dig very deep on the Mozilla site to find the security advisory.

This just isn't good enough. Security holes are the price of success --- there will be more of them. But the Firefox team has to start fessing up publicly on its own Web site when there's a vulnerability, and give people instructions on how to protect themselves.

Preston Gralla is a well-known technology expert, and the author of Internet Annoyances and Windows XP Hacks, as well as more than 30 other books. He is also the editor of WindowsDevCenter.com and a freelance journalist and columnist.



[ 05-30-2005, 01:26 PM: Message edited by: Adam Martin ]


Adam Wilbert
Jedi Master Film Handler

Posts: 590
From: Bellingham, WA, USA
Registered: Mar 2002


 - posted 05-25-2005 11:35 PM
quote: Joe Redifer
People who use Internet Explorer should be stabbed in one of their eyeballs
I disagree. The more people using IE, the better (for me anyway). Helps keep the attention away from Firefox and other "smarter" browsers. Let the morons have their cake.


Dieter Depypere
Master Film Handler

Posts: 343
From: Deutsch-Wagram, Lower Austria, Austria
Registered: May 2005


 - posted 05-30-2005 07:05 AM
I really HATE Internet Explorer. I use Netscape and it works fine.


Mark Gulbrandsen
Resident Trollmaster

Posts: 16657
From: Music City
Registered: Jun 99


 - posted 05-30-2005 01:55 PM
Actually I use them all depending on what computer I have with me at the time and frankly they all work just fine. They are nothing more than the same program in different graphics and colors anyway.

DOS still rules!

Mark


Bobby Henderson
"Ask me about Trajan."

Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001


 - posted 05-30-2005 03:13 PM
The fact some people are getting stung by an IE hole that was patched nearly a year ago underscores the fact most people are just terribly lazy when it comes to keeping their computer safe.

I'm sure nearly all of us have seen those surveys that find around 80% of computers are just wide open, unprotected. Most don't have any anti-virus software installed, even with free alternatives like AVG available. Worse, many users treat their computer systems like they would their garage or attic and just load and install any stray junk in there without regard to what effect it was going to have on the machine.

A friend of mine said I should run a side business rescuing infected PCs, but I laughed at the suggestion. If a person can't even be bothered to download a free anti-virus application or download free security updates, what makes anyone think they'll be willing to pay a respectable fee to get their computer back up and running? I've seen people running computers infected with spyware or trojans and they just live with it! It's no wonder identity theft and other crimes are such a "growth industry."

What really staggers me is how so many people rig up wireless routers without activating any of the security features. I have a friend in Edmond, OK who says he doesn't need a WiFi router. He just fires up his notebook and jumps on a neighbor's wide open connection. It's almost as good as getting free cable.

To get to the staggering point: a growing number of really bad criminals are using unsecured wi-fi home hotspots as their means to conduct Internet crimes. They can use the access point to unleash new viruses into the wild, conduct identity theft and even download child pornography. If the FBI or other law enforcement people trace the traffic, it just leads to that router's IP address - and not the criminal down the street with an open notebook computer.

IMHO, all Wi-Fi routers should have a default installation that requires users to activate secured encryption methods and log-in passwords. Once the default is set then a user can decide if he wants to make the connection open (like if he bought the router for a coffee shop or something).

The US Government, law enforcement agencies and the entire computing industry need to realize many end users are simply not going to "get with the program" on computing security. This problem is already costing our economy many billions of dollars every year. I don't think those guys are doing nearly enough on their end to fight the problem. Personal user responsibility is still going to be a key element. But there are ways to make it much more difficult for asshole criminals to do their shit.


John Walsh
Film God

Posts: 2490
From: Connecticut, USA, Earth, Milky Way
Registered: Oct 1999


 - posted 05-30-2005 04:04 PM
Bobby, you make a good point ... but the two problems I see are that if the wireless manufacturers configure their stuff to be 'secure' out of the box, most people wouldn't know enough how to get it to work. The wireless manufacturers would get endless tech calls. Also, it looks like few in Congress (or the Senate) know much about computers themselves. How can you write a law regulating something you don't understand? Their computers are probably behind a good firewall/virus blocker .... if they had to deal with hackers like the rest of us, I'm sure there would be some tough laws in place already.


Adam Wilbert
Jedi Master Film Handler

Posts: 590
From: Bellingham, WA, USA
Registered: Mar 2002


 - posted 05-30-2005 05:17 PM
quote: Bobby Henderson
A friend of mine said I should run a side business rescuing infected PCs, but I laughed at the suggestion. If a person can't even be bothered to download a free anti-virus application or download free security updates, what makes anyone think they'll be willing to pay a respectable fee to get their computer back up and running?
Not necessarily true... I have a friend who does just this and makes a good amount of money installing free spyware and virus programs on people's computers and showing them how to use them. Generally, it's not that they're too lazy to download the software, but they just don't know where to begin once they realize there is a problem. His clients are mostly elderly people.


Bobby Henderson
"Ask me about Trajan."

Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001


 - posted 05-30-2005 05:59 PM
My experiences of cleaning viruses out of computers belonging to friends and acquaintances have not given me a good indicator that it would be a great business to pursue.

The problem is you wind up with a struggle over what data the user may have to be willing to lose to get his computer fixed. Some spyware and malware will literally require you to reformat the hard drive, thus erasing everything on it. Too many people out there either buy or illegally download lots of applications and other stuff and have none of it backed up on other discs. If you have to struggle with friends over this issue, just imagine what kinds of arguments might arise with paying customers. It just seems a bit scary to me.

quote: John Walsh
if the wireless manufacturers configure their stuff to be 'secure' out of the box, most people wouldn't know enough how to get it to work
You're probably right about that. But then that would be a pretty sad statement to the level of sophistication possessed by the general public.

I'm certainly not the smartest guy in the world by any means. But I think it's pretty easy to set up a Wi-Fi router, enable WPA shared key encryption and even lock it down further so only notebooks of certain MAC addresses can gain a connection. The Linksys router I bought had easy to follow, illustrated instructions.

This is still only my opinion, but I think many of the folks out there just plugging in a router and letting it run unsecure are just copping out when they say it's too complicated to activate the security measures. Some of these folks have hard drive shares and things like that visible to anyone who connects. A vandal down the street could wipe out their computer's OS installation with just a few clicks. Scary.

quote: John Walsh
Also, it looks like few in Congress (or the Senate) know much about computers themselves. How can you write a law regulating something you don't understand?
As elected representatives, I think they should know something about the topic - or be replaced by others with more knowledge. This stuff is just too important to our business and daily lives to allow the ignorant complacency to continue.

Only 1 out of 700 identity theft crimes are investigated. Law enforcement agencies are given very little in the way of resources to pursue this problem, even though it has arguably more dangerous potential against the general public than things like illegal drugs. Further, Congress has actually sold itself out to interests who want nothing done about spyware (such as the direct marketing industry). Their "canned spam act" actually did more to help companies send spam. And many of those opt out links would launch harmful scripts to really screw up a computer.

I guess it's going to literally take the digital equivalent of a 9-11 disaster happening in Cyberspace before the powers that be wake up. When it's millions of end users who get affected, but aren't among the elite buying $2000 tickets for political fund-raiser dinners, our elected officials apparently couldn't care less.


Randy Stankey
Film God

Posts: 6539
From: Erie, Pennsylvania
Registered: Jun 99


 - posted 05-30-2005 11:17 PM
I agree with Bobby. Most people are lazy and stupid when it comes to technology!

I really haven't got a problem with people who TRY to figure things out but get it wrong. I've got a BIG problem with people who don't try!

Viruses (and computer technology in general) may be complicated on the surface but they aren't THAT difficult to learn the basics of! Just go to the bookstore, buy a book and read it. Or, better still, Google on "virus". How friggin' hard can THAT be?!

No, I am thoroughly convinced that it's not that people CAN'T understand how viruses get into their computers. I believe that they REFUSE TO LEARN how viruses work!

People who refuse to try to understand something so simple are lower than whale shit on the bottom of the ocean! (And, I don't know ANYTHING that's lower than that! [Big Grin] )

Normally, I say that people like that deserve what they get! If they don't take the time to learn how to stop viruses then they are just a bunch of CoddammMotherfuckinCocksuckin stoopit asswipes! If their computer blows up because they got a virus it's their OWN friggin' fault! I told you so! In this case, however, their ignorance screws up MY life! I have no tolerance for that!

Our computer network has software that monitors network traffic and looks for 2 things:

1) Is there virus software installed on the computer? (Mercyhurst uses Sophos, which is somehow "pingable".)

2) Is there any known virus traffic coming from a given port?

If a port on the network fails either one of those two tests it is disconnected.

That tends to stop a LOT of the virus problems I have at work because of other people's ignorance but that STILL doesn't solve the problem when I'm not at work!

Friggin' Retards! [fu]


Wolff King Morrow
Master Film Handler

Posts: 490
From: Denton, TX, USA
Registered: Feb 2004


 - posted 05-30-2005 11:59 PM
As a side business, I do service repairs on PCs. Literally every PC I've serviced having dozens of virus infections and spyware was because it was a "family" PC. You know, where the people using it are not actually interested in how the process works, only that it can entertain them as well as allow for AIM-related gabbing. The end result is a completely compromised system just waiting for attacks.

The few times I've been hit with a virus, it was my fault and I knew exactly why and how it happened. Most people will go several months with virus infections, scratching their heads at why computers behave so strangely.


Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


 - posted 05-31-2005 01:51 AM
quote: Bobby Henderson
The fact some people are getting stung by an IE hole that was patched nearly a year ago underscores the fact most people are just terribly lazy when it comes to keeping their computer safe.
And another problem is that people who started using PCs in the '80s and '90s haven't fully understood the concept that software - especially Windows - is something which needs to be constantly updated rather than installed and then forgotten about. My father recently told me that he still uses the original version of XP that came with his Dell - it doesn't even have Service Pack 1 - on the basis that if it ain't broke, don't fix it; and in his experience, installing patches and updates tends to introduce new problems. I think that he only connects to the Internet via dialup to send and receive e-mail, so the chances of any virus, Trojan or spyware getting in for the brief time he's online through a very slow connection aren't high: but even so, if large numbers of people who have broadband connections take that line then it's not hard to see why this crap spreads so quickly. And the surprising thing is that Dad is by no means IT illiterate - his first computer was a CP/M machine (which used 8" floppies!) in the early '80s, at a time when it was virtually unheard of to have a computer in your home. Rather, I think it's a culture shift issue - software is evolving far more quickly than it used to and needs updating almost constantly, something which the previous generation of PC users can have trouble coming to terms with.

Agreed with Bobby about entering the PC repair/disinfection business - I've done it for a few friends and relatives, and the reaction when I have to break the news that they can kiss goodbye to their data is never nice.


Bruce McGee
Phenomenal Film Handler

Posts: 1776
From: Asheville, NC USA... Nowhere in Particular.
Registered: Aug 1999


 - posted 05-31-2005 09:09 AM
When I worked at the rental store, I was amazed how many people would return a computer saying that it just froze up. We would find viruses on everything. One guy said that he had never even gone online with it. (We were sure that his kid had, though.) Somehow, it is always the store's fault. Try to reason with an asshole that just went an entire weekend without his access to porn! Been there, done that.

MY computer gets updated EVERY time that Microfluff sends me an update notice. Once in awhile, if I'm especially bored, I'll go to their site and see if there are any new patches available. I want to keep my computer as up to date as possible.

Also, I don't just download anything/anytime. Don't own any virus-ware. Don't plan to buy any either.

I'll sit down now.


Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002


 - posted 05-31-2005 03:05 PM
At AMC, we're forced to use the obnoxious WorkBrain.com web site for all of our scheduling and HR needs. Unfortunately, it was designed by retards (who I think, based on the size of the buttons they created, are also almost BLIND) who only know how to make a site work with Internet Explorer.

I found two bugs in their site's code so far that make their site non-standards compliant (which is why it doesn't work with Firefox). One is cosmetic, but the other is functional. And when I called their home office to let them know, I got bounced around to someone who basically said "call AMC and tell them, and if they need to, they will call us."

I don't know. If it were me, I'd be interested to find out about bugs in my software, but apparently they aren't. This is one reason why so many people are stuck with IE.




All times are Central (GMT -6:00)

© 1999-2020 Film-Tech Cinema Systems, LLC. All rights reserved.