PC virus demands ransom
Senior Member, 31. May 2006 @ 22:27
This is crazy -
Quote:
A NEW computer virus hijacks personal files, then tries to blackmail PC users into paying a ransom for passwords to unlock them.

Victims are barred from their My Documents folder by the hackers' so-called ransomware.

The Arhiveus virus has swept the US but nurse Helen Barrow, 40, is believed to be Britain's first victim.

She found her files replaced with a 30-digit password-protected folder.

A separate file warned her not to call cops and said she would only get a password to access her files if she bought drugs from an internet chemist, believed to be based in Russia.

Mum-of-two Helen, from Littleborough, Gtr Manchester, said: "When it happened I felt sick to the core.

"I had lots of family photos and personal letters on the computer.

"To think others could have been looking at them was awful."

Helen also feared she may lose coursework for her nursing degree.

IT expert Andy Sharples, who rescued some of her files, reckons that the virus had been downloaded from a pop-up ad.

article link - http://www.thesun.co.uk/article/0,,2-2006250274,00.html

Senior Member, 1. June 2006 @ 10:57
Hahaha. That really sucks for the victims of the virus, but I think that it's pretty clever. Pay me $100 or your PC will explode in 20 min! lol
Senior Member, 3. June 2006 @ 09:47
ouch.. I'm upgrading my virus software... lol



AfterDawn Addict, 3. June 2006 @ 09:55
It's clever, until it happens to you, or your friends or family! What's clever about barring you from using your own PC?



Senior Member, 3. June 2006 @ 10:29
The fact that some people have the ability to do that makes them pretty clever.
janrocks (Suspended permanently), 3. June 2006 @ 11:23
Not so much clever as they just have an understanding of active scripts... I wouldn't be surprised if this isn't just a "standard" virus tweaked to attack a different folder... Do you know if your PC is running malware right now? Open a command prompt and type...

netstat -an | find ":6667"

If you get nothing then you are ok

If you get something like this....

TCP 192.168.1.101:1026 70.13.215.89:6667 ESTABLISHED

How quick can you pull the plug?

Or is it just running an ident server for anybody doing a portscan?

netstat -an | find ":113 "

Again a blank line is good....but something like this...

TCP 0.0.0.0:113 0.0.0.0:0 LISTENING

Time to pull the plug??

Kill any IRC clients before trying these... that's what the test is for: hidden IRC clients, used by hijackers to steal your machine to attack others.. have fun

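The two manual checks in the post above (`netstat -an | find ":6667"` for an outbound IRC connection and `netstat -an | find ":113 "` for an ident listener), as an added example that is not code from the post or the thread. It parses the text of `netstat -an` in the column layout Windows prints, and generalises the first check to the conventional IRC server range 6660-6669 plus 7000; only 6667 and 113 come from the post, the rest of the range is an assumption. The sample netstat output is constructed and its addresses are invented.

```python
"""Flag netstat -an rows that point at a hidden IRC bot (added example)."""
import re
import subprocess
import sys

IRC_PORTS = set(range(6660, 6670)) | {7000}   # assumption: the usual IRC server range; the post names 6667
IDENT_PORT = 113                               # ident, which many IRC bots answer for their server

# One `netstat -an` row as Windows prints it: proto, local endpoint, foreign endpoint, optional state.
ROW_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?\s*$"
)

# Constructed sample of `netstat -an` on an XP box with an IRC bot running (addresses invented).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.101:1026     70.13.215.89:6667      ESTABLISHED
  TCP    192.168.1.101:1031     64.233.167.99:80       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """'192.168.1.101:1026' -> ('192.168.1.101', 1026); '*:*' -> ('*', None); '[::]:135' -> ('[::]', 135)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def find_irc_indicators(netstat_text):
    """Return (reason, netstat row) pairs for rows matching either check.

    Unlike `find ":113 "`, this only looks at the local side of a LISTENING row,
    so a remote port 113 does not raise a false alarm. As the post says, close
    any real IRC client first: it will match the first check just like a bot.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # banner, column header or blank line
        _, local_port = split_endpoint(m.group("local"))
        remote_host, remote_port = split_endpoint(m.group("remote"))
        state = m.group("state") or ""
        if m.group("proto") != "TCP":
            continue
        if state == "ESTABLISHED" and remote_port in IRC_PORTS:
            hits.append((f"established connection to IRC port {remote_port} on {remote_host}", line.strip()))
        elif state == "LISTENING" and local_port == IDENT_PORT:
            hits.append(("ident server listening on 113/tcp", line.strip()))
    return hits


def live_netstat():
    """Run the real `netstat -an`; the row regex assumes the Windows column layout."""
    return subprocess.run(["netstat", "-an"], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    text = live_netstat() if "--live" in sys.argv else SAMPLE_NETSTAT
    hits = find_irc_indicators(text)
    if not hits:
        print("nothing matched: if you get nothing then you are ok")
    for reason, row in hits:
        print(f"{reason}\n    {row}")
```

Run without arguments it checks the constructed sample and reports both rows; `--live` runs netstat on the machine itself. Either hit is only an indicator, not proof: the next step is to find the process behind the socket (`netstat -ano` shows the PID on XP and later) before pulling the plug.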

Senior Member, 3. June 2006 @ 14:22
I'm clean. :)
Senior Member, 3. June 2006 @ 14:59
Me too.

That's some knowledge there janrocks.

AfterDawn Addict, 3. June 2006 @ 15:12
Jan certainly rocks, doesn't she? One cool chick!



AfterDawn Addict, 4. June 2006 @ 07:12
Gave me a fright when it showed an established connection! Then I closed IRC and all was fine :)

-Mike


AfterDawn Addict, 4. June 2006 @ 07:37
The Importance of the Limited User, Revisited

If you use a computer powered by Microsoft Windows to surf the Web, check your e-mail and so forth, the single most important step you can take to protect your machine from viruses, worms and hackers is to use a "limited user" account for everyday computer use.

By running Windows the way Microsoft ships it -- using the all-powerful administrator account -- you expose yourself to huge security risks. If a Trojan horse or virus makes it onto your machine while you're using an administrator account, it can get its hooks deep into the operating system (often without your knowledge.) However, by regularly using Windows under a limited account, you can safely avoid the vast majority of malware out there today, simply because the limited-user account does not have the right to install programs or change system settings. As a result, when malicious Web sites try to use security weaknesses in the operating system or your Web browser to conduct "drive-by" spyware and malware installs, for example, that installation process fails.

I have written several times before about the importance of using non-administrator accounts on Windows, but the topic came up again on a talk show I was invited to speak on today (the Kojo Nnamdi Show on National Public Radio's WAMU American University Radio station) about online scams. As such, I'd like to point again to a recent blog post I wrote on "DropMyRights," a free program from Microsoft that makes it easier to run Internet browsers and other Internet-facing applications under less powerful user accounts.

Also, in last week's Security Fix Live online chat, a reader asked how he could keep his kids from installing programs and otherwise monkeying with his computer settings. I offered a quick-and-dirty tutorial on how to switch from using an administrator account to a limited-user account for everyday use. Basically, this uses the opposite approach from the DropMyRights program: All of the programs on your PC are run under a limited account, and the user is forced to supply a password before installing any program or run it as a user with full rights.

I thought it might be helpful to call special attention to that advice in a blog post for readers who may not have been able to join us for that chat:

Chances are that the user account you are using on your machine at the moment is the all-powerful administrator account (it might be named something else, but if you go to Start, Control Panel, and then User Accounts, you should see all of the accounts you have on the system). There are probably at least two accounts in there, one with administrator rights and another Guest account (which should be turned off: if it's not, turn it off). Assuming the main account is an administrator account (it will say so under the name), and that the only other account you have listed is an inactive Guest account, go ahead and create another administrator account. If you have kids or others who use the computer and you'd like to keep them from changing the settings on the machine, assign the administrator account a password (not one that your kids or other household users will guess, but also one that you can safely remember; see our password primer for help here).

If you are the only one using your computer, you are using Windows XP, and you're relatively confident about the physical security surrounding the PC, it is actually safer to leave the administrator account without a password assigned to it. That's because Windows XP accounts with no passwords can only be used if you are physically in front of the computer: non-password protected administrator accounts in XP cannot be used for accessing the machine over a network.

Next, go to the main menu and enable "Fast User Switching," which should allow you to have more than one account logged in at the same time, so if you need to you can toggle back and forth between the administrator account and the limited user account you're about to create.

Once you've created the second administrator account, change the account privileges of the one you are currently using. From the main User Accounts page, click on the admin account you're currently using and then click on the button that says "Change Account Type." Then switch it over to a limited account, and you should be all set. You will not be able to make any more changes to the system settings, however, until you log into the computer using the administrator account, so you'll notice a few of the options in the User Accounts menu are now no longer available to you.

If you want to try it out now, just download a piece of software and try to install it. It should fail. Now, if you right click on the file you downloaded and select "Run As" it will prompt you to select the account with administrator privileges and then for the password (assuming you've assigned one to the account). Enter both and you should be able to install the program, no problem.


go here to read it all
http://blog.washingtonpost.com/securityfix/2006/05/the_importance...
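The end state the quoted post walks you to (everyday account limited, Guest off, a separate administrator account to fall back on) can be checked from a command prompt instead of clicking through User Accounts. This is an added example, not code from the blog post or the thread: it parses the output of the built-in `net localgroup Administrators` and `net user Guest` commands, which exist on Windows XP and later. The sample output below is constructed and the account name "dan" is invented.

```python
"""Audit local accounts against the limited-user layout described above (added example)."""
import os
import subprocess
import sys

# Constructed `net localgroup Administrators` output (member names invented).
SAMPLE_LOCALGROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
dan
The command completed successfully.
"""

# Constructed `net user Guest` output with the Guest account still enabled.
SAMPLE_NET_USER_GUEST = """\
User name                    Guest
Full Name
Comment                      Built-in account for guest access to the computer/domain
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never
The command completed successfully.
"""


def parse_group_members(text):
    """Member names listed under the dashed line of `net localgroup <group>` output."""
    members, in_members = [], False
    for line in text.splitlines():
        if line.startswith("-----"):
            in_members = True
            continue
        if line.startswith("The command completed"):
            break
        if in_members and line.strip():
            members.append(line.strip())
    return members


def account_active(text):
    """True when `net user <name>` output reports 'Account active  Yes'."""
    for line in text.splitlines():
        if line.startswith("Account active"):
            return line.split(None, 2)[2].strip().lower() == "yes"
    raise ValueError("no 'Account active' line in net user output")


def audit(everyday_user, admins, guest_active):
    """Findings against the layout the post recommends; an empty list means all good."""
    findings = []
    lowered = {a.lower() for a in admins}
    if everyday_user.lower() in lowered:
        findings.append(f"everyday account '{everyday_user}' is an Administrator; change it to a limited account")
    if guest_active:
        findings.append("Guest account is active; turn it off")
    if not (lowered - {everyday_user.lower()}):
        findings.append("no other administrator account exists; create one before demoting yourself")
    return findings


def run_net(*args):
    """Run a built-in `net` command on Windows and return its text output."""
    return subprocess.run(["net", *args], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    if sys.platform == "win32" and "--live" in sys.argv:
        user = os.environ.get("USERNAME", "")
        admins = parse_group_members(run_net("localgroup", "Administrators"))
        guest = account_active(run_net("user", "Guest"))
    else:
        user = "dan"
        admins = parse_group_members(SAMPLE_LOCALGROUP)
        guest = account_active(SAMPLE_NET_USER_GUEST)
    for finding in audit(user, admins, guest) or ["no findings"]:
        print(finding)
```

On the constructed sample it reports two findings (the everyday account is still an Administrator and Guest is on); with `--live` on a Windows machine it audits the account you are logged in as. Once the everyday account is limited, the command-line form of the "Run As" step in the post is `runas /user:<admin account> <program>`, which prompts for that account's password.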
The_Fiend (Suspended permanently), 4. June 2006 @ 07:57
Sophos Cracks Ransomware Trojan Code
Matt Chapman, vnunet.com 01 Jun 2006

Antivirus firm Sophos has cracked the password needed to unlock files held to ransom by the Archiveus ransomware.

A nurse in Greater Manchester became one of the first people in the UK to have her files encrypted by a ransomware program that demanded money before it would unlock them.

Users trying to access the files are directed to a new file containing instructions on how to recover the data.

"Do not try to search for a program that encrypted your information - it simply does not exist in your hard disk anymore," the file says. "Reporting to police about a case will not help you, they do not know the password."

The letter also warns people not to report the contact email address unless they want to risk losing touch with the blackmailers and never getting their files back.

However, experts at Sophos have disassembled the Archiveus Trojan, also known as MayAlert, and recovered the password which is:
mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw

Read the rest @ http://www.vnunet.com/vnunet/news/2157399/sophos-cracks-ransomwar...



AfterDawn Addict, 4. June 2006 @ 08:04
HP Hit With Funlove Virus Again

Company inadvertently distributed a virus with a printer driver, security vendor says.

Robert McMillan, IDG News Service
Friday, June 02, 2006

Hewlett-Packard yesterday pulled a printer driver from its Web site after security vendor BitDefender reported that the software was infected with the same computer virus that infected HP's drivers more than five years ago.

A BitDefender partner notified the security vendor of the infected driver software earlier this week, and the company's security researchers soon determined that it had the same Funlove virus that had plagued HP in December 2000.

BitDefender notified HP of the problem on Wednesday and the infected printer driver was removed from HP's Web site early Thursday, said BitDefender spokesman Vitor Souza.

Until then, the virus was being distributed with the Korean version of the Windows 95/98 driver for HP's Officejet g85 All-in-One printer. HP no longer sells the all-in-one printer, and the current antivirus products are able to block it. So while the oversight is an embarrassment for HP, it's unlikely that many users were affected by Funlove.

Similar Situation

Previously, HP had inadvertently distributed the Funlove virus in Japanese printer drivers that were made available on the company's Web site. Souza believes that HP most likely neglected to remove this particular infected driver back in 2000. "Its just like nobody had run a test against antivirus [software]," he said.

Even for users who fall prey to the virus, the consequences are not severe.

When it gets installed, the Funlove pops up a text message that reads "Fun Loving Criminal," and then attempts to reboot the PC. On Windows NT machines, it attempts to change system settings so that files that can normally be seen only by administrators are visible to all.

HP executives were not immediately available to comment for this story.

BitDefender is owned by Softwin SRL, based in Bucharest, Romania.
http://pcworld.com/news/article/0,aid,125955,00.asp
AfterDawn Addict, 4. June 2006 @ 08:06
McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
How do I use Stinger?

The Stinger for W32/Polip can be found here
1. Download v2.6.0 [1,144,839 bytes] (4/5/2006)

2. NOTE: The file has been renamed to circumvent anti-stinger tactics used by Sober.r Download ePOStg256.Zip EPO deployable version (for EPO administrators). Instructions for EPO 2.5X and EPO 3.X are available.
3. This version of Stinger includes detection for all known variants, as of February 2, 2006:
Variant Names:
BackDoor-AQJ BackDoor-ALI BackDoor-CEB
BackDoor-JZ Bat/Mumu.worm Downloader-DN.a
Exploit-DcomRpc Exploit-LSASS Exploit-MS04-011
HideWindow IPCScan IRC/Flood.ap.dr
IRC/Flood.bi.dr IRC/Flood.cd NTServiceLoader
ProcKill PWS-Narod PWS-Sincom.dll
W32/Anig.worm W32/Bagle@MM W32/Blaster.worm (Lovsan)
W32/Bropia.worm W32/Bugbear@MM W32/Deborm.worm.gen
W32/Doomjuice.worm W32/Dumaru W32/Elkern.cav
W32/Fizzer.gen@MM W32/FunLove W32/IRCbot.worm
W32/Klez W32/Korgo.worm W32/Lirva
W32/Lovgate W32/Mimail W32/MoFei.worm
W32/Mumu.b.worm W32/MyDoom W32/MyWife.d
W32/Nachi.worm W32/Netsky W32/Nimda
W32/Pate W32/Polybot W32/Sasser.worm
W32/Sdbot.worm.gen W32/SirCam@MM W32/Sober
W32/Sobig W32/SQLSlammer.worm W32/Swen@MM
W32/Yaha@MM W32/Zafi W32/Zindos.worm
W32/Zotob.worm
4. When prompted, choose to save the file to a convenient location on your hard disk (such as your Desktop folder).

go here to download
http://vil.nai.com/vil/stinger/
AfterDawn Addict, 4. June 2006 @ 08:06
Nice find there, Dan.

-Mike


The_Fiend (Suspended permanently), 4. June 2006 @ 08:12
Anyone that wants to keep up to speed on security problems and fixes should just go and find Packet Storm Security, they're always listing the newest holes and offering links to the newest stories on IT security.

AfterDawn Addict, 4. June 2006 @ 08:20
The_Fiend

No need to, as my PC is behind a pix firewall: your pix.

This is pasted on both sides of my puter, no virus or cockroaches can get in.

UK_Gamer (Suspended permanently), 4. June 2006 @ 08:21
I have a problem too!

I turn my PC on and when I get past the password on McAfee I get asked to allow access to a Windows programme and I deny it; it then disables my firewall. Then when I access the internet I'm being asked to grant Windows internet access in order to get onto the web; if I deny them my connection is at a speed of 1k-25k.
The_Fiend (Suspended permanently), 4. June 2006 @ 08:24
ireland, don't make me come over there and smack ye with a rolled up Sinn Fein flag...

AfterDawn Addict, 4. June 2006 @ 08:26
uk_gamer, I would post ye info here, ye might have a virus... or malware
http://forums.afterdawn.com/forum_view.cfm/166
UK_Gamer (Suspended permanently), 4. June 2006 @ 08:29
fiend, Ireland is an informer, we should tell them they have another Denis Donaldson among their ranks!

BTW south of the border that was a joke!


AfterDawn Addict, 4. June 2006 @ 08:42
The_Fiend
ye pix is the best virus catcher I've seen in a long time,
I is going to send ye pix to all my enemies by slingshot........


janrocks (Suspended permanently), 4. June 2006 @ 08:53
Anybody want a quick n dirty check for about 20 Win32 variants in XP.. try bringing up Task Manager with <ctrl>+<alt>+<del>. If it doesn't start you have a problem..

Does somebody know why an XP machine is (or seems to be) by default running Apache, and more than one instance of it?

Great pics again there ireland, but I think your firewall needs some attention..it's paper thin ..lol


The_Fiend (Suspended permanently), 4. June 2006 @ 08:53
By slingshot ? by god, are ye stuck in the stone age or something ?
Use a spudgun :


janrocks (Suspended permanently), 4. June 2006 @ 08:58
hey, it's the 21st century.. try a real hi-tech solution...


