The latest trend in malware doesn’t just flood your computer with annoying advertising or attempt to steal your banking information. Instead, it quite literally locks a system down and prevents the user from doing anything on it unless a ransom is paid.
The most recent “ransomware” was detected by abuse.ch and uses a drive-by exploit kit called “Blackhole.” This cheap malware can be purchased via underground forums and infects systems through one or more security vulnerabilities in a web browser or plug-in like Adobe Flash Player, Adobe Reader or Java.
Once infected, the target system becomes locked and users are presented with a bogus region-specific message about why the system is locked and how they can regain control. The ransomware is currently targeting systems in Austria, France, Germany, the Netherlands, Switzerland and the UK.

The UK variety tells the user that illegally downloaded music has been detected on their machine and attempts to incite fear by highlighting penalties that could result from such material. In this example, users are urged to use PaySafe to transfer £50 ($80) to unlock the computer.
Once complete, the system is “unlocked” and unsuspecting users are none the wiser. But in addition to the ransom, this kit installs another piece of malware called Aldi Bot that is used to steal login credentials as well as initiate DDoS attacks.
The malware author is suspected to be of Russian origin, since all of the domain names point to a Russian web provider.
As always, the best defense against drive-by attacks is to keep your browser, plug-ins and anti-virus protection up to date.
If only people didn't browse the internet and did pretty much anything on an administrator's account... I haven't had any serious issues with malware and viruses for years, the only crap I ever got was in the porn account [restricted, of course], which I had to wipe once, and problem sorted. And I download a lot of porn... [LOL]
A) System Restore is the preferred backup method of viruses and malware, B) most really well-written malware will still load in safe mode by creating a virtual device driver to allow at least some basic functionality when running in safe mode, as well as to shield a portion of its code from antivirus and anti-malware software.
MBAM isn't nearly as effective in safe mode, as many of the malware infection's components won't be loaded in memory, which is where most well-written exploits take place - in memory. Also, scanning your drive on another (non-infected) computer (known as offline scanning) is almost completely useless.
MBAM is a great tool, but it's not 100% effective, and even when it is, remediation needs to take place to really clean the system and to close any holes created.
The best methods to protect yourself are:
A) Don't be stupid. Exercise some critical thinking skills before forking over your credit info.
B) Frequent backups. Don't rely on System Restore. It creates a perfect, encrypted place for viruses and malware to back themselves up, and the OS graciously re-infects itself.
C) Good anti-virus. And by good, I mean good. As in Avast! Free, or Kaspersky.
D) Secure your browser...it is the number one infection point.
E) Sandbox, popup blockers, script blockers, flash blockers, etc.
F) Don't be stupid.
If you aren't in the IT field, you probably shouldn't hand out computer security advice, any more than I would ask a mechanic for medical advice. Most of the advice given here is just wrong, with a few exceptions.
I didn't cover every good, basic, common sense security tactic in my comments...but then you can use Google just as effectively as I can.
Google for example - "anti-virus real world protection scores" - it might be eye-opening. You could also try Googling "how can I protect my computer from malware"? Or, "how can I recover from a malware exploit"?
If you do get infected, you can usually head over to bleepingcomputer.com for some very good, very specific advice on how to remove a virus/malware infection the right way, and how to fix all of the traces left behind and problems created.
Finally, know your OS. Know every executable that should be running on your computer. Learn how to use the task manager to kill processes that shouldn't be running. Learn how to disable things from starting up that shouldn't be starting up.
Most importantly, get a BartPE or WinPE boot disc (mini Windows on a CD), and download a free copy of the Sysinternals Suite of tools, every tool of which will run in Windows PE. Autoruns will enable you to hack out almost any startup settings for nefarious programs, and prevent them from loading at startup, even mutating infections.
Nothing hides from Autoruns...not even malware/virus infections hidden as device drivers.
That advice is also nonsense. I've seen Norton Anti-virus ads used as droppers for malware infections.
So, does this mean I should turn off my anti-virus (AVG), BEFORE I surf for porn.....?
Found this rather nasty little ploy attached to one of the many porn sites I frequent...
It pretends to be an INTERPOL announcement that you have been a very bad boy...
It locks up your computer and displays a page that demands a $300 payment to unlock it, with voice!
Not really easy to get rid of. Here's how I did...
I installed a second copy of Windows XP and booted to it.
Navigated to the locked-up copy, then dropped a shortcut to MSConfig.exe into my user's Startup folder. I then backed out and booted to the locked system. When MSConfig started, I then set 'Selective Startup' and unclicked 'Load Startup Items', hit 'Apply', 'OK'. Then it locked up.
(it took me more than one try...)
Once successful, it rebooted normally.
Found this item where it should NOT have been...
C:\Documents and Settings\<your user name>\Local Settings\Application Data\build.exe
This was the main workhorse for this pest.
Other entries for it can be found here...
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Deleting this registry entry (the whole folder) will remove it from the 'Startup Items' list.
hklm\software\Microsoft\Windows\CurrentVersion\Shared Tools\MSConfig\startupreg\xA2oxSonRUjbG
Deleting 'Build.exe' will work, but I might try renaming an empty text file, setting the 'read-only/system' flags and replacing the original.
Checking the properties of 'Build.exe' gave a clue to the origin.... "From Russia, with Love...."
(sigh)
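The two comments above both come down to the same defensive check: an Autoruns-style look at what the Run keys launch, and whether the target lives somewhere a normal user (and so a drive-by payload running as that user) can write, as build.exe under Local Settings\Application Data did. The script below is an added example written for this page, not code from the article or from either commenter; it is read-only and only reports, and the list of Run keys and the "user profile" pattern it flags are assumptions you should adjust for your own environment.

```powershell
# Added example (not from the article or the comments): list every Run/RunOnce entry and
# flag those whose executable sits under a user profile or temp directory, the pattern in
# the build.exe case above. Run from an elevated prompt. Reports only; deletes nothing.

function Get-SuspectRunEntries {
    # Assumed set of autostart keys to inspect; extend as needed (Winlogon, services, ...).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Paths a non-admin user can write to: any profile (XP and Vista+ layouts) or a temp dir.
    # Legitimate software rarely autostarts from here; malware dropped by the browser usually does.
    $userWritable = '\\(Users|Documents and Settings)\\|\\Temp\\'

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip the provider's own metadata properties
            # Expand %LOCALAPPDATA% and friends, then pull the executable out of the command line
            # (quoted path, or the first whitespace-separated token).
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$prop.Value)
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $status = if ($exe -match $userWritable) { 'SUSPECT' } else { 'ok' }
            [pscustomobject]@{
                Key     = $key
                Name    = $prop.Name
                Target  = $exe
                Exists  = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
                Status  = $status
            }
        }
    }
}

Get-SuspectRunEntries | Sort-Object Status -Descending | Format-Table -AutoSize
```

Anything marked SUSPECT deserves a look at the file's properties and signature before you act on it; entries that MSConfig has already disabled live under the Shared Tools\MSConfig\startupreg key the comment mentions and are not covered here.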