Tracking link virus going around. Be careful!

[JerryBoBerry]

http://boston.cbslocal.com/2013/12/18/cryptolocker-ransomware-being-described-as-the-perfect-crime/

BOSTON (CBS) — It is being called the perfect crime and it has law enforcement around the globe baffled.

It all starts with a simple email.

“They are scared and they are angry. It is a real terrible experience for them.”

Joe Ruthaford is talking about computer users who mistakenly launched a potent internet phishing scheme.

He recently saw one of those ravaged computers in his Beacon Hill repair shop.

“It is extremely damaging. It is one of the worst ones.”

It’s called cryptolocker ransomware.

Kevin Swindon is with the FBI in Boston.

“I would think about this particular type of malware as what would happen if your computer was destroyed,” Swindon said.

In the past 90 days, thousands of people worldwide have opened a seemingly innocuous link to track a holiday package. Suddenly, all the files on their computer are encrypted.

Joan Goodchild is the editor of “CSO,” Chief Security Officer magazine based in Framingham.

“This is a criminal operation. They are holding your folders and files ransom. We call this ransomware because that is exactly what it is. You need to pay in order to have access to them once again.”

And that is exactly what happened last month at the Swansea Police Department.

Cryptolocker ransomware took over the department’s entire computer system and the police were forced to pay a $750 ransom to get back control.

As the ransomware takes over your computer, a countdown clock appears and shows victims how long they have to pay up. That means purchasing a key, or software, to reverse the process. And victims must do that using the online virtual currency known as bitcoins.

“Once you have purchased a bitcoin, then the transaction that you use that bitcoin in is encrypted, and therefore you cannot trace it,” explained Goodchild.

Swindon says it appears to be the perfect crime.

The FBI tells WBZ-TV they are very worried about this spreading in 2014.

The scheme could be the work of organized gangs overseas. So far, no one has been caught.

 

[Jupiter551]

wow people actually click those links...?

 

[CallMeWilliam]

wow people actually click those links...?

Just wait, drive-bys are next, just think of all those 0-day exploits that criminal hackers are sitting on waiting for April 2014...

 

[JerryBoBerry]

wow people actually click those links...?

I can especially see a problem among camgirls. With the wishlists and not knowing what is ordered, and doing a lot of online shopping, it would be easy to click without realizing.

 

[TacoBelle]

I can see how people would assume it was real if it said it was from Amazon or something. I mean, most people aren't stupid enough to click links from "Prince Muhammad" but would if it said "Amazon." And with life being hectic around the holidays, someone might be less wary.

 

[JerryBoBerry]

I can see how people would assume it was real if it said it was from Amazon or something. I mean, most people aren't stupid enough to click links from "Prince Muhammad" but would if it said "Amazon." And with life being hectic around the holidays, someone might be less wary.

They've been using a variety of emails to trick people into opening attachments. One business reported an email was sent with 'customer complaint records' attached. They could also be disguising it as UPS, FEDEX, EBAY....It takes nothing to simply make it look like it comes from businesses we all deal with on a regular basis.

Basically the best defense against this is have an external hard drive, maybe use cloud services. But keep backups of every single file you want to keep. That way if you do get it you just format your hard drive, re-install your OS and put stuff back on it. You lose a day, but it's a lot cheaper than the $300 they are demanding for it the key to unlock your files. And honestly even if you did pay them would you ever trust your computer as is to not have the files hidden on there so they could do it again in the future? I'd still format it even then. Backups are a good idea in the first place. Odds are greater your computer will simply fry one day and stop working. You'd lose your files just the same as if you had a virus wipe them out.

Couple update web pages if anyone is interested. These I won't post the text here to save some space.

This one just published yesterday shows many people are indeed getting caught by this one. Estimates so far are that the team of hijackers have made around $30 million so far from this virus.
http://www.pcworld.com/article/2082...ocker-grosses-up-to-30-million-in-ransom.html

And here's a lot more info on how it works and why you're pretty much insta-screwed if you do get it. Keep in mind this page was written a couple months ago and the virus has changed so Malwarebytes does NOT detect the current one as far as I understand. But how it works is still basically the same as described.
http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

 

[Koolguy321]

Cam models should be especially careful when opening any links from members also.

There is software available on various sites called RATs (Remote Access/Administration Tools) which allow anyone to easily create a file which whenever someone opens on their desktop,
will give the person running the RAT basically full control over your desktop.
They can turn your webcam on, microphone on, record you using both, take screenshots of your desktop, steal passwords from your browsers, copy files like images/videos from your desktop to theirs and other stuff,
all without you knowing !

You can see then how models will be high-valued targets for those who do this to people, for example gaining control, recording their webcam while stealing any nude pics and videos etc.

Some nerdy info for anyone who wants more info - http://www.symantec.com/connect/blogs/c ... tching-you
video - http://www.symantec.com/tv/products/det ... 5681404001

** Cryptolocker has now shown everyone why it is important to backup to a external hard drive, and keep that hard drives disconnected from your computer whenever the backup is done.

 

[Jupiter551]

They've been trying this one for months. No one would be stupid enough to...omg...according to this email the runescape account I never owned is being hacked! I better confirm my credit card details...

 

[Koolguy321]

They've been trying this one for months. No one would be stupid enough to...omg...according to this email the runescape account I never owned is being hacked! I better confirm my credit card details...

Not everyone is tech-savvy, there is very convincing emails out there, like the fake Paypal ones.

 

[JerryBoBerry]

They've been trying this one for months. No one would be stupid enough to...omg...according to this email the runescape account I never owned is being hacked! I better confirm my credit card details...

Using your runescape account for example, it could be any company really, you may not have an account so you would be suspicious right away. But that's not the point. They mail out that same email to 100,000 people and what do you think the odds are that 'someone' has that account. Then they make a script to change the email to citibank, or Victoria's Secret and send it out again to more people. As the article said, they're conservatively estimating only 0.4% of people are actually clicking it. But that's still enough to make them $30 million.

You may not be getting caught, but someone in your neighborhood is.

 

[ga5457]

The Friday after Thanksgiving I was on MyFreePaysite.com surfing for porn. I clicked on a link on that site and was attacked by this virus. It locked my laptop computer up, turned on the webcam and put up a 48 hour timer for me to pay a $300 ransom to regain access to my computer. There were all kind of scare tactics on the screen. It said that It was locked because of some type of illegal activity that I had done and that the local police, FBI and other agencies had been contacted. I had 48 hours to go to Walmart or any store that sold MoneyPak and buy one for $300. I was to enter the MoneyPak code and they would unlockmy computer. Every time I shut my computer down and restarted it the timer would restart. At first it scared the crap out of me. I started reading some of the stuff on the screen and determined that it was a scam. I was out of town sitting in a motel when it happened. I decided to deal with it when I got back home. There are a few different versions going around. The one I got had in large print YOUR COMPUTER HAS BEEN LOCKED. A slightly different one says YOUR COMPUTER HAS BEEN BLOCKED. When I got back home I got on my home computer and googled both of those. There are ways to get rid on the virus by restoring your computer to an earlier date. See the links below for instructions on how to get rid of the virus. It took me a while but I finally got it deleted.


http://malwaretips.com/blogs/your-compu ... ked-virus/

http://malwaretips.com/blogs/your-compu ... d-removal/

 

[JerryBoBerry]

The Friday after Thanksgiving I was on MyFreePaysite.com surfing for porn. I clicked on a link on that site and was attacked by this virus. It locked my laptop computer up, turned on the webcam and put up a 48 hour timer for me to pay a $300 ransom to regain access to my computer. There were all kind of scare tactics on the screen. It said that It was locked because of some type of illegal activity that I had done and that the local police, FBI and other agencies had been contacted. I had 48 hours to go to Walmart or any store that sold MoneyPak and buy one for $300. I was to enter the MoneyPak code and they would unlockmy computer. Every time I shut my computer down and restarted it the timer would restart. At first it scared the crap out of me. I started reading some of the stuff on the screen and determined that it was a scam. I was out of town sitting in a motel when it happened. I decided to deal with it when I got back home. There are a few different versions going around. The one I got had in large print YOUR COMPUTER HAS BEEN LOCKED. A slightly different one says YOUR COMPUTER HAS BEEN BLOCKED. When I got back home I got on my home computer and googled both of those. There are ways to get rid on the virus by restoring your computer to an earlier date. See the links below for instructions on how to get rid of the virus. It took me a while but I finally got it deleted.

http://malwaretips.com/blogs/your-compu ... ked-virus/

http://malwaretips.com/blogs/your-compu ... d-removal/

I think you had the older variant of this that doesn't actually encrypt your files. It's easily dealt with by a program called RKILL (and other methods) and then either a restore or malwarebytes (or by going to a directory where it is stored and deleting it yourself as i described in another post here on the forum). They've added to that theme with this virus by actual encryption of your files so even if you get rid of it your files are still locked and useless to you.
The one you had actually had 6 variations on the theme. Fbi , sheriff, government,... One I use to deal with a lot was Red Cross. They all did the same thing just with different scare screens. The other difference is the old variant asked for moneygram, the new one is using bitcoin as it is untraceable.

The team spreading the new variant has been sending it directly in emails, I don't believe there's any report of clicking on a link on a website and getting it. Plus the new one encrypts your files. So yes you will be able to do a system restore to get windows system files back, but your personal files are still encrypted. Nothing but the public key will decrypt those. There is a company that is touting a solution of sorts. By taking snapshots of your files it can recreate them if they are encrypted. But you have to have that up and running before you get the virus, otherwise it's as useless as anything else out there. You can also 'defeat' this one by simply having a backup program in place and restoring your files from that. That's different from system restore in windows, that would also include your personal files that way.

http://m.theaustralian.com.au/technolog ... 6782716063

 

[ga5457]

Thanks for the info. I wasn't aware that there was a newer version of this virus. I never clock on links in emails from people that I don't know and rarely do in emails from people that I do know.

 

[Koolguy321]

using bitcoin as it is untraceable.

Not true

 

[PunkInDrublic]

There is software available on various sites called RATs (Remote Access/Administration Tools) which allow anyone to easily create a file which whenever someone opens on their desktop,
will give the person running the RAT basically full control over your desktop.
They can turn your webcam on, microphone on, record you using both, take screenshots of your desktop, steal passwords from your browsers, copy files like images/videos from your desktop to theirs and other stuff,
all without you knowing !

You can see then how models will be high-valued targets for those who do this to people, for example gaining control, recording their webcam while stealing any nude pics and videos etc.
.

looool Camgirls are not high value targets for people that do this.

 

[Teagan]

I'm pretty sure ive been attacked several times by this. Or attempted to be rather. Ive gotten several Amazon "notices" the past 3 months asking me to click to track an order. I obviously use Amazon a lot. I knew I had not placed an order though. Looking at the actual email it was sent from told me it was for sure spam as well. It was jddbvdbv@vonvdn.amazon.com and things like that. Always a .amazon.com ending though. The bad thing is even companies like Paypal use things like Paypal@e.paypal.com or Offer@e.paypal.com to send you stuff. So someone might just think it's the same thing.

Ive never clicked on the email and report it as spam every time, but I can really see how if it's a company you use (Amazon), you just did something the email described (placed an order), how easy it would be to just click on it thinking nothing of it.

Safest thing to do is what you are always told to do. Go to the actual website. Never click an email.

 

[Jupiter551]

Hey a new one, totally tricky too - if only I had tried to be on 'deal or no deal':

Please confirm your spot to be on Deal or no Deal

CONGRATULATIONS!

You have been selected to be a contestant on Deal or No Deal.



Please Click Here to Confirm Your Invitation

Click? Uhh, no deal.

 

[Teagan]

One i got today was from Costco. I've never even been to one let alone placed and order. They're getting ridiculous and using scare tactics now.

Unfortunately the delivery of your order COS-0086198425 was cancelled since the specified address of the recipient was not correct. You are recommended to complete this form and send it back with your reply to us.

Please do this within the period of one week - if we dont get your timely reply you will be paid your money back less 21% since your order was booked for Christmas.

 

[WildFingers]

I received this and it had an attached file labeled "Invoice.zip". Since when do you need a zip file for a pdf or other simple document.


Good evening,
Thanks for your order. We�ll let you know once your item(s) have dispatched.You can view the status of your order or make changes to it by visiting Your Orders on Amazon.com.
Order Details
Order UD50518162183 Placed on December 13, 2013

Order details and invoice in attached file.

Need to make changes to your order? Visit our Help page for more information and video guides.

We hope to see you again soon. Amazon.com


Being the holidays it could have been an order placed by my wife so I went to my Amazon Acct and searched and the order number did not exist. I never downloaded the zipfile to say the least. SO just be careful.

 

[Gen]

I totally fell for one of these the other day, I got an email saying I had a new WhatsApp voice message. Granted it was early in the morning and I was a bit sleepy, but I opened the email and *almost* clicked the link. I use WhatsApp to group message my friends so it seemed feasible. I consider myself fairly tech-savvy (okay, not really - but smart enough not to fall for Nigerian princes and whatever), so I imagine people like my mom or folks who spend less time online easily falling for it. I feel bad when people insinuate it's just stupidity; I grew up using computers and am fairly adept with them but not everyone is!

 

[Koolguy321]

I received this and it had an attached file labeled "Invoice.zip". Since when do you need a zip file for a pdf or other simple document.
Being the holidays it could have been an order placed by my wife so I went to my Amazon Acct and searched and the order number did not exist. I never downloaded the zipfile to say the least. SO just be careful.

Good thing you didn't download it, there is two files in the zip folder, one of which is the Zeus Trojan (Zbot)

This is one nasty Banking Trojan, used to steal banking information and can also be used to install Cryptolocker :evil:

If you want any more info about what you just avoided
http://blog.malwarebytes.org/fraud-scam ... continues/
http://en.wikipedia.org/wiki/Zeus_(Trojan_horse)

Yeah I've kind of got an interest in all this, for those wondering :lol: :geek:

 

[scouser72]

I can see how people would assume it was real if it said it was from Amazon or something. I mean, most people aren't stupid enough to click links from "Prince Muhammad" but would if it said "Amazon." And with life being hectic around the holidays, someone might be less wary.

They've been using a variety of emails to trick people into opening attachments. One business reported an email was sent with 'customer complaint records' attached. They could also be disguising it as UPS, FEDEX, EBAY....It takes nothing to simply make it look like it comes from businesses we all deal with on a regular basis.

Basically the best defense against this is have an external hard drive, maybe use cloud services. But keep backups of every single file you want to keep. That way if you do get it you just format your hard drive, re-install your OS and put stuff back on it. You lose a day, but it's a lot cheaper than the $300 they are demanding for it the key to unlock your files. And honestly even if you did pay them would you ever trust your computer as is to not have the files hidden on there so they could do it again in the future? I'd still format it even then. Backups are a good idea in the first place. Odds are greater your computer will simply fry one day and stop working. You'd lose your files just the same as if you had a virus wipe them out.

Couple update web pages if anyone is interested. These I won't post the text here to save some space.

This one just published yesterday shows many people are indeed getting caught by this one. Estimates so far are that the team of hijackers have made around $30 million so far from this virus.
http://www.pcworld.com/article/2082...ocker-grosses-up-to-30-million-in-ransom.html

And here's a lot more info on how it works and why you're pretty much insta-screwed if you do get it. Keep in mind this page was written a couple months ago and the virus has changed so Malwarebytes does NOT detect the current one as far as I understand. But how it works is still basically the same as described.
http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

Probably a bit late to the party on this thread.

I cant agree more with Jerry, if it something that cant be replaced make a back up of it - get it off you computer to somewhere safe. Anything from copying it to a cheap and cheerful USB stick (even the ones with pretty big capacity are cheep these days) or external HD, to having sophisticated back up software.

The only thing i would add is a backup copy is only as good a safeguard so long as you can restore it to you computer. No point in having all your data safely secured away if you cannot get it back later when you actually need it. Once a backup is made, make sure you can recover data from it before you really need it.

 

[Teagan]

Okay so say you did get one of these viruses or locks put on all your stuff. Would reinstalling the software fix it?

I do not have a copy of my software. The laptop did not come with it. Is there any way now I can save my OS so if it does ever happen I have a copy on hand to reinstall stuff? Or maybe just be able to wipe it one day if I wanted to? How on earth would I go about this? The only way i can think of is saving to DVD discs but what discs, how big, and how to do it i'm at a loss for. As well as how to just save the OS instead of everything on the computer. All videos I have backed up elsewhere already.

 

[Koolguy321]

Okay so say you did get one of these viruses or locks put on all your stuff. Would reinstalling the software fix it?

If you mean reinstalling Windows again, the answer is YES. But of course you would lose all your personal files.

. Is there any way now I can save my OS so if it does ever happen I have a copy on hand to reinstall stuff? Or maybe just be able to wipe it one day if I wanted to? How on earth would I go about this? The only way i can think of is saving to DVD discs but what discs, how big, and how to do it i'm at a loss for. As well as how to just save the OS instead of everything on the computer

There is Backup software available which will allow you to backup/clone your computer's hard drive, meaning that you can backup the operating system files and your personal files, or just one or the other.
Basically you create a backup image and save it to an external hard drive or DVD, then if you want to restore it, you boot into a live rescue CD, and use the Rescue CD to restore the image to your computers hard drive.

I haven't personally used it, but there is a program called Macrium Reflect Free Edition, which will allow you to create a backup image for free and create a rescue CD also.
I suggest creating a backup image on a external hard drive rather than a DVD, more space plus you can delete and add other files manually onto it if you decide to.
link to the software i mentioned - http://www.macrium.com/reflectfree.aspx
There is also Acronis True Image, it is very popular but is not free - http://www.acronis.co.uk/homecomputing/ ... e-editions

** hope this helps, if you need any help or have any questions, message me