Scareware Turns Ransomware


5 replies to this topic

#1 quietman7


Posted 23 March 2009 - 06:58 AM

Security researchers from FireEye warn of a new dangerous technique employed by the Vundo trojan in order to push worthless system tools. A malicious component encrypts personal documents on the affected systems and the users are forced to pay for software that decrypts them...A malicious component dropped by Vundo first scrambles documents with common extensions, such as .pdf, .doc, .jpg, etc. and renders them inaccessible. The trojan then advertises a program called FileFix Pro 2009, which is able to decrypt the files, after a license is acquired, of course. This basically transforms the concept of "scareware" into "ransomware."...

news.softpedia.com
blog.fireeye.com
How to remove FileFix Pro
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



#2 garmanma


Posted 23 March 2009 - 09:15 AM

I've already seen a few in AII
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 scff249


Posted 23 March 2009 - 04:34 PM

Oi......things are sure being taken to the next step these days.....

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#4 Nawtheasta


Posted 24 March 2009 - 01:10 PM

Just curious. Does the "kidnapper" deliver after the ransom is paid or is the victim left with a lighter wallet and destroyed files?
Regards
Nawtheasta

#5 harrywaldron


Posted 24 March 2009 - 03:43 PM

More links below including free decryption tool

Vundo is one of the most prevalent malware agents encountered in-the-wild. A new version will encrypt eligible data file types on a PC and try to trick users into paying to restore files. Symantec offers a free cleaning tool as noted at the bottom that will unencrypt these files.

Vundo - New Ransomware Version encrypts files
https://forums2.symantec.com/t5/blogs/bloga.../article-id/255


QUOTE: Symantec received news of a new twist in the behavior of Trojan.Vundo. Instead of simply pushing misleading applications and other threats onto the infected computers, it seems the authors of Vundo have taken a more direct hand in revenue generation. Rather than just frightening you into believing that you may have problems or threats present on your computer, Vundo now drops a file named fpfstb.dll that attempts to make sure that you do encounter problems on your computer.

Once the files are encrypted, it starts to display messages stating that certain files on the computer are corrupted. If the user attempts to open any of the encrypted files, a message will also appear saying that the file is corrupt. In both windows, a repair option is available.

If the user clicks on repair, a browser window will open to the domain filefixpro.com (now offline). This site offers a program named FileFix Professional (detected as FileFixProfessional), which is supposed to repair the corrupted files. Of course, FileFixPro is not a free application, so you are expected to pay in order to license it for use. FileFix Professional is obviously not what it is cracked up to be—it is, in fact, just another part of this whole scam—it only decrypts the files that its partner in crime (Trojan.Xrupter) has encrypted.

Symantec's free cleaning and decryption tool to restore encrypted files
http://www.symantec.com/content/en/us/glob.../FixXrupter.exe

Edited by harrywaldron, 24 March 2009 - 04:18 PM.


#6 garmanma


Posted 24 March 2009 - 04:38 PM

Thanks for the link :thumbsup:
Mark



