Posted on 05/20/2016 12:14:54 PM PDT by dayglored
Cybercrooks have put together a new scam that falls halfway between ransomware and old school browser lockup ruses.
The new class of tech support lockers relies on tricking users into installing either a fake PC optimiser or a bogus Adobe Flash update. Once loaded, the malware mimics ransomware and locks users out of their computers. Unlike Locky, CryptoWall and their ilk, it doesn't actually encrypt files on compromised Windows PCs, however.
Jérôme Segura, a senior security researcher at Malwarebytes, said "tech support lockers" represent a class of malware more advanced than the browser locks and fake anti-virus alerts of the pre-ransomware past.
"This is not a fake browser pop up that can easily be terminated by killing the application or restarting the PC," Segura writes in a blog post. "No, this is essentially a piece of malware that starts automatically, and typical Alt+F4 or Windows key tricks will not get rid of it."
One strain of tech support locker employs a subtle piece of social engineering trickery by waiting until a user restarts their computer before confronting them with a fake Windows update screen. Users are told their computers can't be restarted normally, supposedly because of an expired license key. Thereafter a screen locks the user out of their computer in an attempt to trick marks into phoning a support number staffed by scammers.
Victims are told that their problems can be resolved, for a fat fee of $250, Malwarebytes discovered.
The particular strain of malware - spotted and documented by independent white hat security researcher TheWack0lian - marks an evolution in tech support scams, Malwarebytes' Segura warns.
"In comparison to fake (but mostly harmless) browser alerts, these Windows lockers are a real pain to get rid of and until you do so, your computer is completely unusable.... This increased sophistication means that people can not simply rely on common sense or avoid the typical cold calls from 'Microsoft'. Now they need to also have their machines protected from these attacks because scammers have already started manufacturing malware tailored for what is essentially plain and simple extortion over the phone," he writes.
Miscreants have already begun to flog these types of lockers on Facebook, a sign that scams of this type have reached script kiddie level and are therefore likely to become commonplace in future. Previous scams along the same lines, although less sophisticated, include a BSOD ruse that surfaced last September.
"There is an entire ecosystem to distribute these tech support lockers, which includes bundling them into affiliate (Pay Per Install) applications," Segura concludes.
More commentary on the scam can be found in a post from security blogger David Bisson here.
Bot-note:
A keyboard combination to disable the tech support locker malware, holding Ctrl+Shift while pressing the S key, was discovered by TheWack0lian. The same white hat discovered hardcoded values for the product key: h7c9-7c67-jb or g6r-qrp6-h2 or yt-mq-6w, which may offer a means to recover from infection without paying the scammers, at least in the case of this one particular strain of malware.
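The bot-note above reports that the unlock keys for this strain were found hardcoded in the sample. The script below is an added illustration of the kind of static check that turns up such values; it is not code from the page, from Malwarebytes or from TheWack0lian. It extracts ASCII and UTF-16LE strings (the two encodings Windows binaries usually carry) from a byte blob and filters them with a regex shaped like the three keys quoted in the note. The blob itself is constructed here as a stand-in for a locker executable and contains only the key strings the page lists plus filler text; the regex and the `SAMPLE_BLOB` layout are assumptions for the example, not properties of the real malware.

```python
"""Pull candidate hard-coded unlock keys out of a binary blob.

Added example, not the page's own code: scans a buffer for printable
ASCII and UTF-16LE runs, then keeps only tokens shaped like the
product keys quoted on the page (groups of 2-4 alphanumerics joined
by hyphens).
"""
import re
import string

# Printable bytes we accept inside a string run (no control characters).
PRINTABLE = set(string.printable.encode("ascii")) - set(b"\t\n\r\x0b\x0c")

# Regex shaped like the three keys in the bot-note (an assumption made
# for this example; the real checker's format is not documented here).
KEY_RE = re.compile(r"\b[a-z0-9]{2,4}-[a-z0-9]{2,4}-[a-z0-9]{2,4}\b")

# Constructed stand-in for a locker binary: some junk bytes, an ASCII
# message, and the three keys from the page embedded in mixed encodings.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    + b"\x00" * 16
    + b"Windows update could not be completed\x00"
    + b"\x00" * 7
    + "h7c9-7c67-jb".encode("utf-16le") + b"\x00\x00"   # wide string
    + b"\xde\xad\xbe\xef" * 4
    + b"g6r-qrp6-h2\x00"                                 # narrow string
    + b"\xde\xad\xbe\xef" * 3
    + "yt-mq-6w".encode("utf-16le") + b"\x00\x00"       # wide string
    + b"Call support now\x00"
)


def ascii_strings(blob: bytes, min_len: int = 4) -> list:
    """Return runs of at least min_len printable ASCII bytes (like `strings`)."""
    out, cur = [], bytearray()
    for b in blob:
        if b in PRINTABLE:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            out.append(cur.decode("ascii"))
        cur = bytearray()
    if len(cur) >= min_len:
        out.append(cur.decode("ascii"))
    return out


def utf16le_strings(blob: bytes, min_len: int = 4) -> list:
    """Return runs of at least min_len UTF-16LE chars with a zero high byte.

    Both byte alignments are scanned so an oddly aligned wide string is
    not missed.
    """
    out = []
    for start in (0, 1):
        cur = []
        for i in range(start, len(blob) - 1, 2):
            lo, hi = blob[i], blob[i + 1]
            if hi == 0 and lo in PRINTABLE:
                cur.append(chr(lo))
                continue
            if len(cur) >= min_len:
                out.append("".join(cur))
            cur = []
        if len(cur) >= min_len:
            out.append("".join(cur))
    return out


def find_key_candidates(blob: bytes) -> list:
    """Unique key-shaped tokens found in either encoding, in discovery order."""
    found = []
    for s in ascii_strings(blob) + utf16le_strings(blob):
        for token in KEY_RE.findall(s):
            if token not in found:
                found.append(token)
    return found


if __name__ == "__main__":
    for key in find_key_candidates(SAMPLE_BLOB):
        print("candidate key:", key)
```

Running it against the constructed blob prints the three keys from the bot-note. On a real sample you would feed the file bytes in place of `SAMPLE_BLOB` and expect plenty of false positives from the regex; the point is that a string comparison against a literal in the binary is recoverable by anyone with the file, which is why a hardcoded key is never a real lock.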
Most of them are in Russia or China.
I wish I could get my hands on just one of them. There would be medieval torture methods involved.
Image Your Machine Beforehand
From the cheesy movie Ransom:
Tom Mullen: [on live TV] The whole world now knows... my son, Sean Mullen, was kidnapped, for ransom, three days ago. This is a recent photograph of him. Sean, if you’re watching, we love you. And this... well, this is what waits for the man that took him.
This is your ransom. Two million dollars in unmarked bills, just like you wanted. But this is as close as you’ll ever get to it. You’ll never see one dollar of this money, because no ransom will ever be paid for my son. Not one dime, not one penny. Instead, I’m offering this money as a reward on your head. Dead or alive, it doesn’t matter. So congratulations, you’ve just become a two million dollar lottery ticket... except the odds are much, much better. Do you know anyone that wouldn’t turn you in for two million dollars? I don’t think you do. I doubt it.
So wherever you go and whatever you do, this money will be tracking you down for all time. And to ensure that it does, to keep interest alive, I’m running a full-page ad in every major newspaper every Sunday... for as long as it takes. But... and this is your last chance... you return my son, alive, uninjured, I’ll withdraw the bounty. With any luck you can simply disappear. Understand... you will never see this money. Not one dollar. So you still have a chance to do the right thing. If you don’t, well, then, God be with you, because nobody else on this Earth will be.
Bingo. Do it religiously once per week if not more. I use Macrium Reflect and it is awesome. For my Linux, the need isn't so severe but it's just as easy.
Find where the number leads and kill everyone there.
1). Base (basically factory)
2). Office Suite
3). Development
4). Daily
5). Games
Each image is built incrementally so I can restore at any point. My personal files themselves reside on another drive. So when I restore the "C" drive, my personal files are untouched.
That, sir, is the voice of experience.
Install Adblock Plus.
Damned Malvertising gone for good.
I hope somebody empties an entire magazine into one of these maggots one day.
I’d like to fry one of these creeps and then serve him to his buddies for dinner.
PING!
.
FYI
Wow...I got that fake Adobe Flash “Upgrade”
I got suspicious when they asked for a password. Adobe never asked for that before.
I know...I love being on this ping list...Some of it is way beyond my computer savvy but many are very helpful to me. I save ones like this to a file.
Like you...I won’t click on anything that looks hinky.
It’s better to go to the main site and update from there.
It’s a Jungle out there!
Thanks, Meg33, you just made my day! :-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.