Free Republic
Browse · Search
News/Activism
Topics · Post Article


New Twist on Spyware--Ransonware (My Title)
LurHQ ^ | March 11, 2006 | by LURHQ Threat Intelligence Group

Posted on 03/16/2006 7:43:24 PM PST by yhwhsman

In May 2005, a trojan called PGPcoder was discovered in the wild by Websense Security Labs. The trojan's purpose was to encrypt a user's files, then demand a ransom for their decryption. Although this scheme seemed novel, it is actually predated by over 15 years, by a similar scam in 1989. LURHQ's Threat Intelligence Group has now discovered a third such scheme involving ransomware which we are calling Cryzip.

Unlike PGPcoder, which used a custom encryption scheme (which was subsequently reverse-engineered by LURHQ), Cryzip uses a commercial zip library in order to store files inside a password-protected zip. Although the zip encryption is stronger, a brute-force attack is still possible on the files, especially if one has a copy of the original file inside the zip.

(Excerpt) Read more at lurhq.com ...


TOPICS: Business/Economy; Crime/Corruption; Culture/Society; News/Current Events; Technical
KEYWORDS: adware; computer; getamac; linus; linux; macos; malware; ransonware; spyware; threat; trojan; trojans; virus; windows; windoze
Great, as if normal spyware wasn't enough of a hassle.
1 posted on 03/16/2006 7:43:27 PM PST by yhwhsman
[ Post Reply | Private Reply | View Replies]

To: yhwhsman

One of the irritating aspects is that even people who send in the ransom money often don't receive the unlock code.


2 posted on 03/16/2006 7:44:46 PM PST by gondramB (Render unto Caesar that which is Caesar's and unto God that which is God's.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yhwhsman
Linux is the cure for the common spyware.
3 posted on 03/16/2006 7:49:31 PM PST by Halfmanhalfamazing (Linux, the #2 OS. Mac, the #3 OS. Apple's own numbers are hard to argue with.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yhwhsman
Here's the story via Fox: Computer Virus Demands Ransom for Encrypted Files
4 posted on 03/16/2006 7:50:48 PM PST by yhwhsman ("Never give in--never, never, never, never, in nothing great or small..." -Sir Winston Churchill)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Halfmanhalfamazing

I'd prefer an operating system to a thing that needs to be endlessly tweaked. Something that runs software and is generally useful. And even fun.

Probably most of these idiotic geeks who create spyware and viruses and other malware are LUNIX users trying to herd us into LUNIX before springing some final trap.

No thank you.

Why does LUNIX use the penguin as its mascot? They ripped off the O/S from UNIX so did they rip off their mascot from the 1980's video game Pengo? Pengo was fun and most LUNIX geeks are generally humorless and uptight so I don't think that's it. So where did they rip off their mascot from? I know they didn't come up with it on their own.


5 posted on 03/16/2006 8:01:02 PM PST by Duke Nukum (To thine own self be true...or relatively true. --Guy Caballero)
[ Post Reply | Private Reply | To 3 | View Replies]

To: yhwhsman

At least two full backups of important data stored separate from the computer is the answer. It is not difficult to do. IOMEGA has the fast REV drive now with replaceable 35 GB drives or there are many other solutions such as thumb (handy) USB drives.


6 posted on 03/17/2006 12:34:14 AM PST by Northern Alliance
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

7 posted on 03/17/2006 5:55:50 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Duke Nukum
I know they didn't come up with it on their own.

You're wrong of course--just like most of the rest of your post. Google the history of the logo if you're that interested.

8 posted on 03/17/2006 5:57:33 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Duke Nukum
I'd prefer an operating system to a thing that needs to be endlessly tweaked. Something that runs software and is generally useful. And even fun.

I absolutely agree.

There's no fun in having to buy, install and maintain anti-virus, anti-spyware, personal firewalls, service packs and who-knows-what.

Even IE5, which shipped with Windows 2000 Pro, is too obsolete for some modern software and has to be "upgraded" to IE6. Outlook Express still doesn't support yEnc, so it's almost totally unusable on usenet, and you have to buy a decent usenet client.

Meanwhile, my Linux servers just run happily in their closet in the guest bedroom. No need to touch them except for monthly backups. My Linux workstation supports anything I want to do on the Internet. No need to buy anything more, if there's something else you need you just look around SourceForge.

9 posted on 03/17/2006 6:12:08 AM PST by TechJunkYard (DMCA: Don't Make Content Accessable)
[ Post Reply | Private Reply | To 5 | View Replies]

To: TechJunkYard

What got me was when I found XP won't restore backup files made in Win 95.


10 posted on 03/17/2006 6:43:25 AM PST by Tribune7
[ Post Reply | Private Reply | To 9 | View Replies]

To: Duke Nukum
They ripped off the O/S from UNIX

Actually, he got the basics from his college textbook, which had Minix, itself a UNIX clone written from scratch by professor Andrew Tanenbaum, a friend of the creators of UNIX.

11 posted on 03/17/2006 6:43:34 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 5 | View Replies]

To: yhwhsman; ShadowAce
I received a spoof email this morning that was so deceptive I would have clicked through except Cox mail had marked it as spam. It was a message from an eBay seller offering me a Second Chance offer for an item. The format was a perfect copy and except for the poor spelling I almost fell for it.

I cut and pasted the item number in the eBay search box and it came back as a listing from a member warning of the spoof.

Here is the warning... SPOOF
12 posted on 03/17/2006 7:09:48 AM PST by tubebender (BIG REWARD for my missing tag line. Please advance a security deposit to enter...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yhwhsman
Here is a sure solution to this problem:

http://en.wikipedia.org/wiki/Scaphism

with 24hr webcams.
13 posted on 03/17/2006 1:51:16 PM PST by beef (Who Killed Kennewick Man?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yhwhsman

I am beginning to think that the solution is to have an independent computer just for the internet. Keep a set of the operating system software and if something bypasses all my protection, just reformat and reload, and start over.

Keep all my important stuff on a separate computer not connected in any way to the internet computer.


14 posted on 03/17/2006 1:58:48 PM PST by CIB-173RDABN
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
You're wrong of course--just like most of the rest of your post. Google the history of the logo if you're that interested.

Wow! LUNIX came up with a penguin all on their own! Who knows, maybe one day they will write their own O/S and stop ripping off UNIX.

In the meanwhile, I'll play some games while waiting for someone to come up with an O/S that sucks less than XP.

15 posted on 03/17/2006 2:49:11 PM PST by Duke Nukum (To thine own self be true...or relatively true. --Guy Caballero)
[ Post Reply | Private Reply | To 8 | View Replies]

To: tubebender
Yeah... I fell for such a spoof. Never again!

(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")

16 posted on 03/17/2006 2:54:46 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Duke Nukum
and stop ripping off UNIX

See Post #11.

17 posted on 03/17/2006 3:56:07 PM PST by rzeznikj at stout (This is a darkroom. Keep the door closed or you'll let all the dark out...)
[ Post Reply | Private Reply | To 15 | View Replies]

To: TechJunkYard
Meanwhile, my Linux servers just run happily in their closet in the guest bedroom.

Oh yeah, LUNIX is great as long as you never have to use it. It's when you want to do things like edit photos or process words. Then you have to know that Photoshop is called GIMP and Word for LUNIX is called Painful Rectal Itch.

I think the LUNIX geeks write the spyware and viruses so they can boast about how great LUNIX is and feel good that they belong to an exclusive club when they can't find any D&D players in the neighborhood. Otherwise, there's no reason for LUNIX to be so mind bendingly stupid.

I mean, when it first came out, yeah, it had to be mind bendingly stupid because they didn't have more than two bits of memory back then, but now it's a million years later so the only reason must be anti-social geek angle.

Well, at least it keeps them from the World Domination Plots James Bond used to have to break up in the 1960's.

Speaking of movie plot devices, I think my favorite version of UNIX ever is the one they used in Jurassic Park.

18 posted on 03/17/2006 3:56:18 PM PST by Duke Nukum (To thine own self be true...or relatively true. --Guy Caballero)
[ Post Reply | Private Reply | To 9 | View Replies]

To: antiRepublicrat
Any idea if Minix installs on VMWare (player)?
19 posted on 03/17/2006 3:57:21 PM PST by rzeznikj at stout (This is a darkroom. Keep the door closed or you'll let all the dark out...)
[ Post Reply | Private Reply | To 11 | View Replies]

To: antiRepublicrat
Actually, he got the basics from his college textbook, which had Minix, itself a UNIX clone written from scratch by professor Andrew Tanenbaum, a friend of the creators of UNIX.

So, LUNIX is a rip-off of a rip-off, then. Very good, since Windows is a rip-off of a rip-off too. Except it doesn't suck as bad as LUNIX. Except for all the viruses and malware the jealous LUNIX geeks write it's a hardly noticeable level of suckiness.

But, realistically, I don't think there will ever be an O/S that doesn't suck, it's the nature of the machines. Maybe, one day, if there are organic computers that write their own O/S based on their biological function, that might be as close to zero suckiness as it can get, but it's probably a long way off if it happens at all.

20 posted on 03/17/2006 4:08:40 PM PST by Duke Nukum (To thine own self be true...or relatively true. --Guy Caballero)
[ Post Reply | Private Reply | To 11 | View Replies]

To: CIB-173RDABN
"Keep a set of the operating system software and if something bypasses all my protection, just reformat and reload, and start over."

All you have to do is image your system partitions on a different partition with 40% compression AND image those same partitions on spanned CDs. I use Symantec Ghost 7.5, Corp. Ed.

In 5 minutes you are bright-eyed and bushy-tailed again.

No kicking the cat, yelling at your old lady, or going on a drunken shooting rampage down the street!

21 posted on 03/17/2006 4:23:36 PM PST by BobS
[ Post Reply | Private Reply | To 14 | View Replies]

To: Duke Nukum
So, LUNIX is a rip-off of a rip-off, then.

More like a rip-off of a rip-off of a rip-off of a rip-off of a rip-off (FMS > CTSS > MULTICS > UNIX > MINIX > Linux). However, Linux is only a very loose "rip-off" of MINIX, since it doesn't have the microkernel architecture.

22 posted on 03/17/2006 6:49:39 PM PST by antiRepublicrat
[ Post Reply | Private Reply | To 20 | View Replies]

To: rzeznikj at stout
Any idea if Minix installs on VMWare (player)?

Yes. Ready-made VMWare images are available at the site. Or you can download MINIX 3 and try it from a live CD. USB-bootable images are also available.

Tanenbaum has definitely gone the "small is good" approach he teaches. From a technical standpoint, it's genius, completely modular, true microkernel (less than 4,000 lines of code). It's probably the most robust and secure UNIX in the world. Even the worst-written video driver shouldn't be able to take down MINIX -- the crashed driver will automatically be restarted. Buffer overflows? MINIX only executes in read-only areas allocated for code.

All of that comes with some performance trade-offs, but you make your choices...

23 posted on 03/17/2006 7:16:16 PM PST by antiRepublicrat
[ Post Reply | Private Reply | To 19 | View Replies]

To: antiRepublicrat
I was just curious--I'm putting the player on my Suse 10 partition. Different perspective, I suppose.

Wouldn't be bad experience-wise either.

24 posted on 03/17/2006 9:50:50 PM PST by rzeznikj at stout (This is a darkroom. Keep the door closed or you'll let all the dark out...)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Duke Nukum

Dukie, stop howling about "rip-offs." The PC BIOS is a rip-off of the IBM PC. MacOS is a rip-off of Unix and the Xerox Alto. Windows is a ripoff of MacOS, VMS, CP/M, etc. Everything's a rip-off of some computationally pure platonic ideal. We get it. Find something else to rant about.


25 posted on 03/17/2006 10:00:32 PM PST by Caesar Soze
[ Post Reply | Private Reply | To 20 | View Replies]

To: Caesar Soze

I'm not howling. I said Windows was a rip off of a rip off too. Just that it sucks less than LUNIX. Unless, of course, you don't actually need to use the machine, like it's a server or something. It's just the anti-social people who promote LUNIX suck at making things that are easy and fun to use. Probably, they suffer from some form of autism and LUNIX is what autism might look like if autism could be given form.


26 posted on 03/17/2006 10:18:40 PM PST by Duke Nukum (To thine own self be true...or relatively true. --Guy Caballero)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Duke Nukum

^^^^^^^^^^^^^^^I'd prefer an operating system to a thing that needs to be endlessly tweaked.^^^^^^^^^^

You'd love linux then. You install it once, set up your printer, your personal settings and whatever else you think you'll need then you're done. It's very similar to a mac in this regard.

Windows needs constant work and tweaking. This week, tweak your ad-aware settings, next week install the new patches, the week after, make sure you have the antivirus defs up to date. Careful you don't open up that email.

^^^^^^^^^^^^^^^Something that runs software and is generally useful.^^^^^^^^^^^^^^^^

Linux runs a lot of software. There's very little that you can't do with it these days.


27 posted on 03/18/2006 6:30:35 AM PST by Halfmanhalfamazing (Linux, the #2 OS. Mac, the #3 OS. Apple's own numbers are hard to argue with.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Duke Nukum
In the meanwhile, I'll play some games while waiting...

That's about all your Windoze toys are good for - playing games and waiting for something to happen.

28 posted on 03/18/2006 7:46:02 AM PST by TechJunkYard (DMCA: Don't Make Content Accessable)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Duke Nukum
It's when you want to do things like edit photos or process words. Then you have to know that Photoshop is called GIMP and Word for LUNIX is called...

"If all of your tools have to look and feel the same way because you can't handle change.... you might be a Windows user."

And there's a treatment for that. It's called WINE - the WINdows Emulator.

.. they can't find any D&D players in the neighborhood..

Well, apparently playing games is the focal point of your life. When you get ready to do some real work, I suppose you can buy something for your X-Box.

29 posted on 03/18/2006 8:08:46 AM PST by TechJunkYard (DMCA: Don't Make Content Accessable)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Duke Nukum

Now, I use windows as much as the next guy. It is fairly useful, and the only place to go if you want to play most modern games.

That said, I've never heard it characterized as "fun." :P


30 posted on 03/18/2006 8:23:50 AM PST by Constantine XIII
[ Post Reply | Private Reply | To 5 | View Replies]

To: TechJunkYard
...you have to buy a decent usenet client.

You do?

31 posted on 03/18/2006 8:28:34 AM PST by Senator Bedfellow
[ Post Reply | Private Reply | To 9 | View Replies]

To: Duke Nukum

No one writes very many large programs from scratch, regardless of what it does.


32 posted on 03/18/2006 8:29:02 AM PST by Constantine XIII
[ Post Reply | Private Reply | To 20 | View Replies]

To: yhwhsman
Only one solution - death penalty for malware producers/distributors.

Our Navy is rounding up pirates on the open seas (again), why not do so for those that terrorize across cyberspace?
33 posted on 03/18/2006 3:07:10 PM PST by anymouse
[ Post Reply | Private Reply | To 1 | View Replies]

To: Senator Bedfellow; Golden Eagle
...you have to buy a decent usenet client.
You do?

You mean to tell me that someone is giving away a NNTP client that runs on Windows?

Oh man, GE is not gonna like this. It takes money out of the US IT economy and exposes all kinds of trade secrets to our enemies. Who knows what the Chicoms can do with a free usenet client? They can use it to suck all of our technical newsgroups dry and not pay a cent for the information! Horrors!

Actually, I've tried Xnews and I really like it. I have it on the Windows side of my "travelling" 600E that I use on the road. After browsing through the NNTP servers on my sister's Verizon DSL account, I can now say that my RoadRunner servers truly suck.

34 posted on 03/19/2006 7:15:59 AM PST by TechJunkYard (DMCA: Don't Make Content Accessable)
[ Post Reply | Private Reply | To 31 | View Replies]

To: yhwhsman

What's a "ranson"?

Something you pay to a "kidmaper"?

Dan


35 posted on 03/19/2006 7:18:21 AM PST by BibChr ("...behold, they have rejected the word of the LORD, so what wisdom is in them?" [Jer. 8:9])
[ Post Reply | Private Reply | To 1 | View Replies]

To: BibChr
What's a "ranson"?
Something you pay to a "kidmaper"?

Yea, something like that. :)

Sorry, I usually catch things like that. I'm losing the feeling in my right hand, which is making typing a rather interesting experience.

36 posted on 03/19/2006 1:20:59 PM PST by yhwhsman ("Never give in--never, never, never, never, in nothing great or small..." -Sir Winston Churchill)
[ Post Reply | Private Reply | To 35 | View Replies]

To: TechJunkYard
Well, I dunno about wrecking the NNTP client industry, mostly because I don't think there is an NNTP client industry. I've been browsing Usenet for a long, long time now, on a variety of operating systems, and I don't recall ever having to buy a client for any of them ;)

After browsing through the NNTP servers on my sister's Verizon DSL account, I can now say that my RoadRunner servers truly suck.

Surprisingly, news is one thing Vz does pretty well. I switched from Verizon DSL to Earthlink/Covad about a year ago, mostly because Verizon refused to increase my line speed to the level that I was being offered elsewhere. EL's servers aren't truly horrendous, but it's definitely a step down from Vz. But, I get more speed, so it's more or less worth it...

37 posted on 03/19/2006 1:42:13 PM PST by Senator Bedfellow
[ Post Reply | Private Reply | To 34 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
