Rise of the attack software
posted by GJ on January 30, 2010 @ 9:26AM
If you've spent any amount of time on the Internet, you've probably encountered some or all of the following:
- viruses / trojans
- spyware / adware
- spam
- phishing
- spear-phishing
- DNS poisoning
The Net is a dangerous place for the uninformed, but many products exist to minimize the risk. Over time, some people (hopefully) have learned to also stop their risky online behavior, so they're at little risk of damage. However, most people still engage in unsafe online conduct. They fail to keep their antivirus up to date, don't use a router, open every attachment they get from people, and buy products sold by spam. The criminals are still at it, because there are marks freely available even after all these years.

Well, the fine researchers at Criminals R Us developed some nasty software that works like this:
- You get infected the usual way (spyware / trojan).
- Windows alerts you to corrupted files (looks pretty official).
- Holy crap--your TPS reports are corrupt! And you have no backup! (you, my friend, are asking for it).
- Whew--Microsoft recommends a product to fix this. Data Doctor 2010 to the rescue!
- You download it, run it, and it cleans up one file. See, now you can access TPS report #1...but you have 19 more to fix. The trial software only does one file.
- You then pay those nice folks at Data Doctor $89.99 for the complete version of the software. Shortly thereafter, all your TPS reports are fixed. Yay! You tell all your friends...
Unfortunately for you, you didn't have corrupt files. What you had were encrypted files. The nice spyware app found a list of files, likely your Microsoft Office docs, but maybe even just files you've recently touched, hoping they're not backed up, and encrypted them (that means it scrambled them with a secret key, and you can only unscramble them with that same secret key). To the uninitiated, the files will indeed appear corrupt--a mess of weird characters if you try to view them directly. The spyware then hijacks the Windows security icon in the taskbar to alert you to the problem, and "Microsoft recommends" text is shown to the now panicked computer owner.

You then download Data Doctor 2010, which is a sweet looking app (uh, I mean trojan), but it's only the unregistered trial version--to give you a taste of the "fix" by correcting just one file. It picks up the encryption key stored in the original spyware app, and unscrambles your one file. It then helpfully gives you a way to pay for the full program.

By the time it's all over, you have:
- paid a crook $90
- effectively installed TWO pieces of bad code on your machine
- given your credit card info to that same crook.
- probably given this to your friends, either directly, or that bad code sitting on your box helpfully passes it to them.
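
The difference described above between a damaged file and an encrypted one can be checked from the file's first bytes. This is an added example, not part of the original post: it assumes Office documents, relies on their well-known file signatures, uses an entropy cut-off of 7.5 bits per byte that is an assumption, and runs on constructed sample files.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known leading bytes of Office documents (file signatures).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
ZIP = b"PK\x03\x04"                          # .docx/.xlsx/.pptx are ZIP archives
MAGIC = {".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
         ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune for your data

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; values near 8.0 look like random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path: str, sample_size: int = 65536) -> str:
    """Return 'ok', 'suspect-encrypted', 'damaged' or 'unknown-type'."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return "unknown-type"
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    if sample.startswith(magic):
        return "ok"
    # Wrong header: random-looking content points to encryption, while
    # low entropy (zero fill, truncation) points to ordinary damage.
    high = shannon_entropy(sample) >= ENTROPY_THRESHOLD
    return "suspect-encrypted" if high else "damaged"

def demo() -> dict:
    samples = {  # constructed inputs, not real documents
        "report1.doc": OLE2 + b"TPS report " * 500,   # intact header
        "report2.doc": os.urandom(8192),              # stands in for ciphertext
        "report3.doc": b"\x00" * 8192,                # zero-filled damage
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    print(demo())
```

This is a heuristic for triage only: a file whose header was left intact reports as "ok" even if the rest was scrambled. Run it read-only against a copy or from a clean machine, not on the infected system.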
How to protect against it?

First: don't get it. If you're following all the guidelines for safe computing, use a router, antivirus software, antispyware software, etc., you probably won't get this fun guy.

Second: Back up your files regularly. Best way to combat this would be to nuke the corrupted files, run an antivirus scan, and move on with your life without giving the crook anything.

Third: Got corrupted files, and now it's telling you to download Disk Doctor? Don't. Disconnect this computer from the web, and go to another computer and look up the information on this infection to see how it might be undone (today, I don't know of a way, but in the future someone may write a tool to extract the key from the spyware and decrypt your files for you...but don't bet on it).

For more technical information and screenshots of the infection's windows and popups, please see this report.

Safe computing, everyone!

Tags: scam, internet, education, computers