[SFCC] Latest Ransomware/Scareware Scam

  • From: "Buzz Brooks" <buzzbro@xxxxxxxxxxx>
  • To: "Buzz Brooks" <buzzbro@xxxxxxxxxxx>
  • Date: Wed, 14 Sep 2011 15:10:01 -0700


Members, Friends

 

This will soon be making its way from Russia to the US.  I know none of you
have any of this on your systems but it will lock up your machine anyway.  

 

Two things you should do are:

1.      Make sure you take a current restore point as we showed you how at
recent meetings.
2.      Watch out for any web address that ends in .ru (Russia) or other
strange web address - don't open unless you know who the link is from (and
trust that they have scanned the attachment).

 

Don't forget to come to the next meeting, September 21st at 10:00 am.

 

Buzz

 

New ransomware variant uses false child porn accusations

By Dancho Danchev | September 14, 2011, 5:54am PDT

Summary: Researchers from BitDefender have detected a new ransomware variant
currently spreading in the wild.


Researchers from BitDefender have detected a new ransomware variant
<http://www.malwarecity.com/blog/cyber-extortion-scam-issues-false-child-porn-accusations-1127.html>
currently spreading in the wild.

Once Trojan.Agent.ARVP locks down the infected PC, it displays a message
saying that the PC is locked due to the fact that child pornography was
found on the user's system and the fine of 500 rubles must be paid within 12
hours. The Task Manager, Windows Explorer and User Init Logon Application
are either killed or overwritten by the trojan in an attempt to prevent
users from killing it.

The scammers say the user must pay within 12 hours or the "child-porn" case
will be forwarded to the local police and all data stored on the personal
computer will be blocked or deleted, the operating system uninstalled and
the BIOS erased.

In reality, the data will still be there and the BIOS will not be affected
after the 12-hour deadline passes. But the PC will remain locked. Paying the
ransom will not unlock it. In-depth analysis of the malware revealed that
there is no way to unlock the PC, so the promise of a code is false.

The malware is currently spreading over links distributed over social
networks. Users are advised to be extra vigilant when dealing with
suspicious links.


 

Buzz Brooks

buzzbro@xxxxxxxxxxx

(520) 572-7363 (H)

(520) 235-5467 (M)

 
