BleepingComputer.com: Scareware Turns Ransomware


Scareware Turns Ransomware: new technique employed by Vundo

#1 quietman7

Posted 23 March 2009 - 06:58 AM

Quote

Security researchers from FireEye warn of a new dangerous technique employed by the Vundo trojan in order to push worthless system tools. A malicious component encrypts personal documents on the affected systems and the users are forced to pay for software that decrypts them... A malicious component dropped by Vundo first scrambles documents with common extensions, such as .pdf, .doc, .jpg, etc. and renders them inaccessible. The trojan then advertises a program called FileFix Pro 2009, which is able to decrypt the files, after a license is acquired, of course. This basically transforms the concept of "scareware" into "ransomware."...

news.softpedia.com
blog.fireeye.com
How to remove FileFix Pro

#2 garmanma

Posted 23 March 2009 - 09:15 AM

I've already seen a few in AII
Mark

#3 scff249

Posted 23 March 2009 - 04:34 PM

Oi......things are sure being taken to the next step these days.....

#4 Nawtheasta

Posted 24 March 2009 - 01:10 PM

Just curious. Does the "kidnapper" deliver after the ransom is paid or is the victim left with a lighter wallet and destroyed files?
Regards
Nawtheasta

#5 harrywaldron

Posted 24 March 2009 - 03:43 PM

More links below including free decryption tool

Vundo is one of the most prevalent malware agents encountered in-the-wild. A new version will encrypt eligible data file types on a PC and try to trick users into paying to restore files. Symantec offers a free cleaning tool as noted at the bottom that will unencrypt these files.

Vundo - New Ransomware Version encrypts files
https://forums2.symantec.com/t5/blogs/bloga.../article-id/255


QUOTE: Symantec received news of a new twist in the behavior of Trojan.Vundo. Instead of simply pushing misleading applications and other threats onto the infected computers, it seems the authors of Vundo have taken a more direct hand in revenue generation. Rather than just frightening you into believing that you may have problems or threats present on your computer, Vundo now drops a file named fpfstb.dll that attempts to make sure that you do encounter problems on your computer.

Once the files are encrypted, it starts to display messages stating that certain files on the computer are corrupted. If the user attempts to open any of the encrypted files, a message will also appear saying that the file is corrupt. In both windows, a repair option is available.

If the user clicks on repair, a browser window will open to the domain filefixpro.com (now offline). This site offers a program named FileFix Professional (detected as FileFixProfessional), which is supposed to repair the corrupted files. Of course, FileFixPro is not a free application, so you are expected to pay in order to license it for use. FileFix Professional is obviously not what it is cracked up to be—it is, in fact, just another part of this whole scam—it only decrypts the files that its partner in crime (Trojan.Xrupter) has encrypted.

Symantec's free cleaning and decryption tool to restore encrypted files
http://www.symantec.com/content/en/us/glob.../FixXrupter.exe

This post has been edited by harrywaldron: 24 March 2009 - 04:18 PM
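
For triaging which documents on a cleaned machine were affected, an added example (not part of the original thread, and not code from Symantec or FireEye): it walks a folder and flags .pdf, .doc and .jpg files whose leading bytes no longer match the format's well-known signature. It assumes the scrambling alters the file header, which the thread does not state; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Well-known leading-byte signatures for the extensions the thread names.
SIGNATURES = {
    ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
    ".jpg": b"\xff\xd8\xff",
}

def header_matches(path):
    """True/False for a listed extension, None when the extension is not checked."""
    magic = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(magic)) == magic

def find_scrambled(root):
    """Walk root; return relative paths whose header does not fit the extension."""
    suspects = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if header_matches(full) is False:
                    suspects.append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(suspects)

def build_sample_tree(root):
    """Constructed sample data: two intact files, two with non-matching headers."""
    samples = {
        "report.pdf": b"%PDF-1.4\n% constructed sample\n",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "letter.doc": b"\x8a\x13\x5c\x77" * 8,  # not an OLE2 header
        "scan.pdf": b"\x41\x9e\x02\xf3" * 8,    # not a PDF header
        "notes.txt": b"plain text, extension not checked\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_scrambled(tmp))
```

A mismatch only marks a file for review: a document saved under the wrong extension is flagged as well, so the list is a starting point for restoring from backup or running a decryption tool, not proof of encryption.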


#6 garmanma

Posted 24 March 2009 - 04:38 PM

Thanks for the link :thumbsup:
Mark
