Be Careful Of Your Updates! [Important Information]
#1
Even though files are deemed as updates, you should always check them for validity before installing them, or install at your own risk.

Recently there was an update for Firefox from a fake Firefox site:

Code:
http:// firefox.perl .sh

File Info:
MD5: 9a6f87b4be79d0090944c198a68012b6

Originally, there were only 3 detections for it:
https://www.virustotal.com/file-scan/rep...1299783978
(Almost all of the great AVs were unaware of this file's malicious activity, it looks like.)

But after a while it became more known to AVs and its detection rate rose to 40/42 of the online built-in scanners:
https://www.virustotal.com/file-scan/rep...1302561162

A friend of mine had this on his computer:
[Image: jed3dvny3.png]

A result of downloading this file.

The file appears to lock all application executions, as well as your entire operating system, from being used, and it prompts you with this message instead.

I took the file off his computer and did some testing with it on my own, unaware that this ransomware would "release" itself after a while, since there was an area for key activation to allow you to access your operating system again.

[Image: ieIgjhwu0.png]

Here would be your next screen. However, all of those given numbers are invalid.

Testing this with a few debugging tools on my own machine gave me a key: 1351236, which apparently is the real key to get back into your system. Each digit has to be entered into the textboxes.

However, this would be a pretty dangerous file. The ransomware actually gives you a valid key after quite a few tries, I believe, with testing those numbers given of course, which was the only catch. It worked for some people but didn't for me.

I was actually pretty intrigued at how the newer generation of trojans has become so diverse in human-engineered malware. Also, how people came up with the idea to create a system locker like this is pretty frightening.

This exact file was also released as an Adobe Flash update executable, from what I've read. All sites hosting this ransomware have been removed by the bigger parties, though, I believe.
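A defender-side check in the spirit of the advice in the first post, added here as an example and not part of the original thread: it compares a downloaded installer's MD5 against the hash quoted above, checks its SHA-256 against a vendor-published checksum, and verifies that the download came over HTTPS from a known vendor host. The allowlisted Mozilla hosts are an assumption, and the sample installer bytes are constructed for the example.

```python
import hashlib
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# MD5 of the fake "Firefox update" quoted in this thread (value from the post).
KNOWN_BAD_MD5 = {"9a6f87b4be79d0090944c198a68012b6"}

# Hosts an official Firefox installer may come from (assumption: a curated allowlist).
TRUSTED_HOSTS = {"download.mozilla.org", "www.mozilla.org", "ftp.mozilla.org"}

# Constructed stand-in for a downloaded installer; not real installer bytes.
SAMPLE_INSTALLER = b"constructed installer bytes for the example"


def file_hashes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex MD5 and SHA-256 digests of the file contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def host_is_trusted(url: str) -> bool:
    """True only for HTTPS downloads from an allowlisted vendor host."""
    parts = urlparse(url)
    return parts.scheme == "https" and (parts.hostname or "").lower() in TRUSTED_HOSTS


def assess(url: str, hashes: Dict[str, str],
           expected_sha256: Optional[str] = None) -> Tuple[bool, List[str]]:
    """Combine the three checks; hashes may come from a file or from an AV/VT report."""
    reasons: List[str] = []
    if hashes["md5"].lower() in KNOWN_BAD_MD5:
        reasons.append("md5 matches a known ransomware sample")
    if not host_is_trusted(url):
        reasons.append("download host is not an allowlisted vendor host over https")
    if expected_sha256 is not None and hashes["sha256"].lower() != expected_sha256.lower():
        reasons.append("sha256 does not match the vendor-published checksum")
    return (not reasons, reasons)


def vet_update(url: str, data: bytes,
               expected_sha256: Optional[str] = None) -> Tuple[bool, List[str]]:
    """Hash the downloaded bytes and run the checks; returns (ok, reasons)."""
    return assess(url, file_hashes(data), expected_sha256)
```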
#2
Wow, thanks for this... but I doubt that would happen on W7 anytime soon.
#3
I believe this was for Windows 7 as well. It was a ransom trojan that came out a few months back.

The reason for those numbers given is that the trojan author will earn money from every call to those numbers (short stopping). Genius human engineering at its finest...
#4
Thanks for the share dude, saved my ass.
#5
The way this trojan actually works, is that it encrypts all the files on your computer, and doesn't give them back until you enter their registration key. It doesn't just block you out of your system, it basically holds your files in a virtual "safe" and holds them "ransom".

Video: http://www.youtube.com/watch?v=WyAmC6DPRzw#at=458
#6
Wow, that's actually really cool if you think about it. Sucks for the person it happens to, but just the thought of the trojan itself is really quite amazing.

Thanks for the share =)
#7
No problem, this is really quite a unique version of a ransom trojan. They can be one of the most dangerous trojans to get, in my opinion.
#8
Wow, thanks for the share; it would suck if it happened to someone.
#9
It was pretty interesting when I encountered it and started to learn about it at first.
#10
Now I get why they call it "Cyber Terrorism", they're holding your files hostage for money, how typical.

I have to admit, whoever came up with this is a genius. This could earn tens of thousands if spread in the right way; wow, that's so amazing. It doesn't even damage your system either? It sounds like the creator of this, if he were to go by a hat, would be grey hat.

He/she's not doing it for malicious intentions but instead doing it for money, wow. That's one smart guy. I remember exploiting big sites just to replace their ads with mine to generate me revenue, but this is amazing!
Extra: It would have been better if there was a possible way to have a unique code per machine, so they have to call the numbers. Or have like 10 codes which work; it would then take people lots of time to realise they all work. Still genius work, though.