
Thread: Extortion virus code gets cracked

  1. #1
    AO Guinness Monster MURACU
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003

    Extortion virus code gets cracked

    Hi,
    Here is a quick heads up. If anyone gets hit with this version of the virus you can try the password in the article. Of course the password can be changed but it is a start. Could be interesting if some of our more qualified members could get hold of a version and dissect it, it could be an interesting discussion. Here is the article, the source is the BBC website.

    Extortion virus code gets cracked

    To recover files, victims are asked to buy drugs online
    Do not panic if your data is hidden by virus writers demanding a ransom.
    Poor programming has allowed anti-virus companies to discover the password to retrieve the hijacked data inside a virus that has claimed at least one UK victim.
    The Archiveus virus caught out British nurse Helen Barrow and swapped her data with a password-protected file.
    The virus is the latest example of so-called "ransomware" that tries to extort cash from victims.

    Code breaker

    Analysis of Archiveus has revealed that the password to unlock the file containing all the hijacked files is contained within the code of the virus itself.

    This virus swaps files found in the "My Documents" folder on Windows with a single file protected by a 30-digit password. Victims are only told the password if they buy drugs from one of three online pharmacies.

    The 30-digit password locking the files is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw ". Using the password should restore all the hijacked files.

    "Now the password has been uncovered, there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals behind it," said Graham Cluley, senior technology consultant for security firm Sophos.
    Archiveus was discovered on 6 May but it took the rest of the month for the first victim, Rochdale nurse Helen Barrow, to emerge.
    Ms Barrow is thought to have fallen victim when she responded to an on-screen message warning her that her computer had contracted another unnamed virus. The virus asks those it infects to buy drugs on one of three websites to get their files back.
    "When I realised what had happened, I just felt sick to the core," said Ms Barrow about the incident.
    The Archiveus virus is only the latest in a series of malicious programs used by extortionists to extract cash from victims. Archiveus seems to use some parts of another ransoming virus called Cryzip that was circulating in March 2006.

    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde (1854-1900)
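    The article above says the unlock password was sitting in plain sight inside the virus code. As an added illustration (not code from the post, the BBC article, or any real sample), here is the kind of `strings`-style scan an analyst would run over a suspect binary to surface hard-coded, random-looking passwords: the sample bytes and the URL in it are constructed, with the password reported in the article embedded for the demonstration.

```python
import math
import re
from typing import List

# Constructed stand-in for a malware sample: a few header bytes, some
# ordinary strings, and the password reported in the article embedded as
# a plain ASCII run. The URL is a placeholder, not one from the page.
SAMPLE_BINARY = (
    b"\x4d\x5a\x90\x00" + b"\x00" * 16
    + b"EncryptMyDocuments\x00"
    + b"mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw\x00"
    + b"\x01\x02\x03abc\x00"
    + b"http://example.invalid/buy\x00"
)


def extract_strings(blob: bytes, min_len: int = 4) -> List[str]:
    """Return printable-ASCII runs of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score higher than words."""
    n = len(s)
    return -sum(
        (s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s)
    )


def candidate_passwords(strings: List[str], min_len: int = 20,
                        min_entropy: float = 3.5) -> List[str]:
    """Keep long, purely alphanumeric runs that mix letters and digits and
    have high entropy: the shape of a hard-coded archive password rather
    than a message, a file path, or a URL."""
    found = []
    for s in strings:
        if (len(s) >= min_len and s.isalnum()
                and any(c.isdigit() for c in s)
                and any(c.isalpha() for c in s)
                and shannon_entropy(s) >= min_entropy):
            found.append(s)
    return found


if __name__ == "__main__":
    for pw in candidate_passwords(extract_strings(SAMPLE_BINARY)):
        print("candidate hard-coded password:", pw)
```

On a real sample the candidate list is a starting point for a human to test against the locked archive, not a verdict; ordinary build strings with mixed digits will also show up.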

  2. #2
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    Ok, I understand that international law and the internet can sometimes be tricky things, but there has to be a way to shut down companies that do this and put those responsible in jail. I may be missing something here, but it should be a simple matter of "they broke into my computer, stole (or at least made unavailable) my data, that's a crime".
    I mean, the whole point of the virus is to send someone money. Just follow it.
    Then again, maybe I am missing something.
    The fool doth think he is wise, but the wise man knows himself to be a fool - Good Ole Bill Shakespeare

  3. #3
    AO Guinness Monster MURACU
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    That is the question. I reckon that the so called companies are nothing more than a web page that links on to another site etc. Still I wonder what types of payment they accept. I doubt that anyone would be stupid enough to use their credit card.
    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde (1854-1900)

  4. #4
    Originally posted here by MURACU
    That is the question. I reckon that the so called companies are nothing more than a web page that links on to another site etc. Still I wonder what types of payment they accept. I doubt that anyone would be stupid enough to use their credit card.
    My guess would be that the only payment accepted would be a credit card, and then the credit card would be "reused" by the baddies.

  5. #5
    They call me the Hunted foxyloxley
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    any idea how much the 'ransom' is ?

    and I for one would NOT use a CC on THOSE sites
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    This virus swaps files found in the "My Documents" folder on Windows
    So seeing as I do not use the My Documents folder, and have pretty much disabled its usage on the work boxes, then if I had got infected by this it would not attack the c:\ d:\ or f:\ directories where all the good stuff is located?

    I am curious as to why the maker of this ransomware only had it lock up My Documents and not everything else?

    f2B

  7. #7
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    People who are less computer friendly put all their stuff in "my documents"... and being they are less computer friendly they tend to do what the screen tells them to do... instead of the other way around...

    That's how I rationalize that... any other thoughts??

    What "drugs" do you have to buy? And how would you get the password after you bought them?
    work it harder, make it better, do it faster, makes us stronger

  8. #8
    I've heard of some variants scanning all local drives found on the PC for MS Office docs (Word, Excel) and databases.

    I would think that the law enforcement folks could just follow the money trail to find the attacker. I'm sure there's ways to make it harder to do but eventually someone's gonna get the $$ - and that's the one you nab.

  9. #9
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Do not panic if your data is hidden by virus writers demanding a ransom.
    Just boot to a linux cd and search for the hidden files.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #10
    The ******* Shadow dalek
    Join Date
    Sep 2005
    Posts
    1,564
    Better yet, update your AV and install a firewall or use the one that comes with WinXP, even better create a limited account for browsing, or in the victim's case lock down IE or use another browser that won't get hijacked...
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson
