
Skype being used to spread ransomware.


8 replies to this topic

#1 OldPhil

    Doppleganger

  • Members
  • 4,084 posts
  • Gender:Male
  • Location:Long Island New York

Posted 05 December 2015 - 10:01 AM

I was hit last week, I had just ended a post to a friend. Almost immediately an applet appeared saying I had a video call and must update the player, it looked official so stupid me clicked the link. NONE of my security items could rid it from my laptop, I tried using Revo to get rid of the massive junk ware. A reboot or two later I got the famous ransomware applet with a number to call to rid my machine. Knowing better I did not click that link but did call so I could voice my disdain, Kieth the voice on the other end had sore ears when done! I ended up pulling my SSD and reinstalling my original spinner, formatting the SSD then cloning the spinner to the SSD. I am lucky enough to know how to do this stuff, many will pay big bucks to a computer shop. Be careful what you click on, it can be very costly!

 

Phil


Honesty & Integrity Above All!




#2 cmptrgy

  • Members
  • 1,651 posts
  • Gender:Male
  • Location:Massachusetts

Posted 05 December 2015 - 10:15 AM

Good for you Phil. I believe the same way. I'm glad you shared that experience.

--- Even for those who don't know how to do that, I'd rather see them do their business locally instead of paying the ransomware crooks.

I'm not as advanced as you are or so many experts in our forums but I have saved some people's computers from being "ransomed or compromised" because they followed my advice: "if you see something funny, get help to figure out what's wrong".

--- I could expand on that but I'm glad that I can at least deal with many issues that have a potentially dangerous effect.



#3 OldPhil


Posted 05 December 2015 - 10:23 AM

Thanks for the non just Kudos, I am far from an expert, just an old guy been playing with this stuff since 1972, see, I said old.

 

Phil




#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 06 December 2015 - 09:23 AM

Malware writers would much rather target a large audience through social engineering where they can use sophisticated but less technical means than proof-of-concept viruses. Social engineering has become one of the most prolific tactics for distribution of malware, identity theft and fraud.

Social media is a popular venue where cyber-criminals can facilitate the spread of malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 rp88

  • Members
  • 2,999 posts
  • Gender:Not Telling

Posted 06 December 2015 - 02:56 PM

Post#1, you say you were infected but you don't say precisely how. You say that skype was used in the title of the thread but do not elaborate on this in the post, could you please explain how it arrived, was it just a link shared via skype or was it something sent through skype? It would be helpful for people to know, because from your title it sounds like the virus arrived in a way different than the common ones.

P.S. do you think something like noscript or malwarebytes anti-malware could have protected you, was there some sort of browser drive-by involved here?

Edited by rp88, 06 December 2015 - 02:56 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 OldPhil


Posted 06 December 2015 - 03:09 PM

> Post#1, you say you were infected but you don't say precisely how. You say that skype was used in the title of the thread but do not elaborate on this in the post, could you please explain how it arrived, was it just a link shared via skype or was it something sent through skype? It would be helpful for people to know, because from your title it sounds like the virus arrived in a way different than the common ones.
>
> P.S. do you think something like noscript or malwarebytes anti-malware could have protected you, was there some sort of browser drive-by involved here?

Like I said, I had just ended a chat with a friend, guessing about 30 seconds after an applet popped saying I had a video call but needed to upgrade my player. It looked very legit so stupid me clicked the link, normally I will Google anything questionable. Within a minute I had at least 15 junk links, I can't even name them all. I broke the cardinal rule!




#7 rp88


Posted 06 December 2015 - 03:40 PM

"applet" as in what? Were you in the browser at the time or using skype via the skype program/app? If you were in the browser then perhaps this thing that popped up was an advert disguised as a prompt to update the video player, these are quite common types of advert. If you were in the skype program, or for that matter on one of microsoft's own pages in the browser then would this mean there was some sort of vulnerability being exploited to make this advert appear within the skype program or on a microsoft webpage? Do you think there was any connection between the pop-up and the video call you had just had with your friend, could it be a mere coincidence that a piece of spam prompting you to update your video player occurred shortly after you had been making a video call, or do you think it's something scarier than that?

Edited by rp88, 06 December 2015 - 03:40 PM.


#8 OldPhil


Posted 06 December 2015 - 03:46 PM

> "applet" as in what? Were you in the browser at the time or using skype via the skype program/app? If you were in the browser then perhaps this thing that popped up was an advert disguised as a prompt to update the video player, these are quite common types of advert. If you were in the skype program, or for that matter on one of microsoft's own pages in the browser then would this mean there was some sort of vulnerability being exploited to make this advert appear within the skype program or on a microsoft webpage? Do you think there was any connection between the pop-up and the video call you had just had with your friend, could it be a mere coincidence that a piece of spam prompting you to update your video player occurred shortly after you had been making a video call, or do you think it's something scarier than that?

It popped up on the Skype page and looked official, that was the reason I clicked the link.




#9 quietman7


Posted 06 December 2015 - 06:20 PM

> ... I broke the cardinal rule!

Let it be a lesson learned and not to break the rule again. Mistakes are often made when acting in haste.