Mar 23 2009, 06:58 AM, Post #1
Bleepin' Janitor | Group: Global Moderator | Posts: 18,905 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513
QUOTE
Security researchers from FireEye warn of a new dangerous technique employed by the Vundo trojan in order to push worthless system tools. A malicious component encrypts personal documents on the affected systems and the users are forced to pay for software that decrypts them... A malicious component dropped by Vundo first scrambles documents with common extensions, such as .pdf, .doc, .jpg, etc. and renders them inaccessible. The trojan then advertises a program called FileFix Pro 2009, which is able to decrypt the files, after a license is acquired, of course. This basically transforms the concept of "scareware" into "ransomware."...

news.softpedia.com
blog.fireeye.com
How to remove FileFix Pro

--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2010
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Mar 23 2009, 09:15 AM, Post #2
Computer Masochist | Group: Moderator | Posts: 26,670 | Joined: 27-January 07 | From: Cleveland, Ohio | Member No.: 108,618
I've already seen a few in AII
--------------------
Mark
why won't my laptop work?
Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

Mar 23 2009, 04:34 PM, Post #3
Indecisive Lurker | Group: Members | Posts: 1,262 | Joined: 14-February 08 | From: A galaxy far, far away... | Member No.: 190,231
Oi......things are sure being taken to the next step these days.....
--------------------
Posting lurker of bleepingcomputer.com
Because I post more than I lurk

Mar 24 2009, 01:10 PM, Post #4
Member | Group: Members | Posts: 120 | Joined: 10-February 08 | From: New England, USA | Member No.: 189,491
Just curious. Does the "kidnapper" deliver after the ransom is paid or is the victim left with a lighter wallet and destroyed files?
Regards
Nawtheasta

Mar 24 2009, 03:43 PM, Post #5
Security Reporter | Group: Members | Posts: 509 | Joined: 10-April 04 | From: Roanoke, Virginia | Member No.: 107
More links below including free decryption tool
Vundo is one of the most prevalent malware agents encountered in-the-wild. A new version will encrypt eligible data file types on a PC and try to trick users into paying to restore files. Symantec offers a free cleaning tool as noted at the bottom that will unencrypt these files.

Vundo - New Ransomware Version encrypts files
https://forums2.symantec.com/t5/blogs/bloga.../article-id/255

QUOTE:
Symantec received news of a new twist in the behavior of Trojan.Vundo. Instead of simply pushing misleading applications and other threats onto the infected computers, it seems the authors of Vundo have taken a more direct hand in revenue generation. Rather than just frightening you into believing that you may have problems or threats present on your computer, Vundo now drops a file named fpfstb.dll that attempts to make sure that you do encounter problems on your computer.

Once the files are encrypted, it starts to display messages stating that certain files on the computer are corrupted. If the user attempts to open any of the encrypted files, a message will also appear saying that the file is corrupt. In both windows, a repair option is available. If the user clicks on repair, a browser window will open to the domain filefixpro.com (now offline). This site offers a program named FileFix Professional (detected as FileFixProfessional), which is supposed to repair the corrupted files. Of course, FileFixPro is not a free application, so you are expected to pay in order to license it for use.

FileFix Professional is obviously not what it is cracked up to be—it is, in fact, just another part of this whole scam—it only decrypts the files that its partner in crime (Trojan.Xrupter) has encrypted.

Symantec's free cleaning and decryption tool to restore encrypted files
http://www.symantec.com/content/en/us/glob.../FixXrupter.exe

This post has been edited by harrywaldron: Mar 24 2009, 04:18 PM

Mar 24 2009, 04:38 PM, Post #6
Computer Masochist | Group: Moderator | Posts: 26,670 | Joined: 27-January 07 | From: Cleveland, Ohio | Member No.: 108,618
Thanks for the link