IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Worm encrypts your data and asks for ransom, Feels like a SR world type of crime
Backgammon
post Jun 1 2005, 12:38 PM
Post #1


Ain Soph Aur
******

Group: Dumpshocked
Posts: 3,477
Joined: 26-February 02
From: Montreal, Canada
Member No.: 600



QUOTE

Trojan holds computer files to ransom

    * 14:15 25 May 2005
    * NewScientist.com news service
    * Duncan Graham-Rowe

Security experts warned on Tuesday of a new type of threat to computer users called ďransom-wareĒ - malicious code which tries to extort money from users by encoding files on their machines and holding them to ransom.

The new exploit was discovered by San Diego-based company Websense when a corporate client received a demand for $200 for the digital keys to unlock their data.

The malicious code was traced back to a corrupted website. It took advantage of a vulnerability in the victimís web browser, which allowed the code embedded in the website to run automatically on the userís PC.

Once it has infected a computer, the program - a type of Trojan called Pgpcoder - searches the victimís hard drive for 15 common file types to encode, including Word, Excel documents and stored web pages.
Electronic extortion

A note then appears on the victimís screen demanding money for the decoder, with details of an electronic account and a contact email address. ďItís just another version of extortion,Ē says Dan Hubbard, director of security and defence at Websense. But the attack appears to be isolated and fortunately the encoding algorithm was not particularly sophisticated, he adds.

After studying the algorithm, Joe Stewart, a computer security consultant with Chicago-based Lurhq, was quickly able to reverse-engineer it and build a decoder to recover the data. He says it was trivial to decode, although the Trojanís name - Pgpcoder - misleadingly suggests it harnesses the extremely secure encryption software, PGP.

But the danger now is that, instead of using easily decodable algorithms, virus writers might turn to military-grade encryption systems instead. ďIt would be all but impossible to decrypt the files,Ē says Stewart. This in itself may be terrifying enough to cause some people to pay up.


Seems like the kind of thing deckers would do!
Go to the top of the page
 
+Quote Post
Demosthenes
post Jun 1 2005, 03:37 PM
Post #2


Moving Target
**

Group: Members
Posts: 401
Joined: 7-June 02
From: Living with the straw sheep.
Member No.: 2,850



Yeah...
But you'd want to be really careful (as a decker, as well as IRL) about how you protect your identity when you go to collect.
It'd suck if Joe Corp used your extortion data to track you down and ram a black hammer prog down your datajack...
Go to the top of the page
 
+Quote Post
kryton
post Jun 1 2005, 04:05 PM
Post #3


Moving Target
**

Group: Members
Posts: 288
Joined: 3-December 03
From: Boston, Mass
Member No.: 5,874



Maybe it's there to point fingers at a completely unrelated party? Say someone the programmer has rival against. This could be a hacker pointing to an individual who owes him or her money ect. It would be ironic if the account pointed to a Swiss account tied to the military or a military/governmental official. Just because the virus points to you doesn't mean you wrote the code.

Hopefully the coder got rid of the source code and riped his HD's free space.
Go to the top of the page
 
+Quote Post
Wounded Ronin
post Jun 1 2005, 04:55 PM
Post #4


Great Dragon
*********

Group: Members
Posts: 6,640
Joined: 6-June 04
Member No.: 6,383



Wouldn't it be relatively easy to catch someone who tries to get in contact with you like that?

By the way, I think that we should set up a special Federal office to take people who write viruses and throw them into the cage at the next UFC, so that they can throw pathetic computer geek punches against someone like Tank Abbot. And we give Tank Abbot tartar sauce so he can eat them.
Go to the top of the page
 
+Quote Post
Jrayjoker
post Jun 1 2005, 05:18 PM
Post #5


Neophyte Runner
*****

Group: Members
Posts: 2,453
Joined: 17-September 04
From: St. Paul
Member No.: 6,675



QUOTE (Wounded Ronin)
By the way, I think that we should set up a special Federal office to take people who write viruses and throw them into the cage at the next UFC, so that they can throw pathetic computer geek punches against someone like Tank Abbot. And we give Tank Abbot tartar sauce so he can eat them.

Thanks for the image.

If the hacker had any real skill he (and I am assuming it was a he) would have been able to do more damage and used a real algorythm.

And $200? WTF?
Go to the top of the page
 
+Quote Post
wagnern
post Jun 1 2005, 06:44 PM
Post #6


Moving Target
**

Group: Members
Posts: 176
Joined: 8-March 05
Member No.: 7,146



Perhaps they should treat virius production like what it is, vandalism.

"Lets see, your little virus shut down 250 thousand computers and destroyed all data on them, now if we estimate each one of these down computers cost two days of work#, and the employees produce 100 dollars an hour for the employer*, that adds up to . . . -wow, thats a lot of zeros- . . . 50 million dollars of damages. And that dosen't even include damages to indivisuals computers."

#random figure from my head. I imagine some would be up in working in minutes with little lost because of backups, and some would be down for a while and lost their backups so they had to begin a lot a work from scratch.
*That is what me and my fellow chemist are charged out to our clients at.

of corse the problem is catching the scum.

I hope noone ever caves to someone with this kind of plan. If it works wonce, they will do it agian. Take the Isralie aproach to ransoms.
Go to the top of the page
 
+Quote Post
Edward
post Jun 1 2005, 10:14 PM
Post #7


Neophyte Runner
*****

Group: Members
Posts: 2,073
Joined: 23-August 04
Member No.: 6,587



I donít think the vandalism laws (listed under destruction of property in Australia) scale to that kind of level. In fact I canít think of a way to do mor than about 100k worth of damage without being guilty of something worse than destruction of property, be it auto theft, arson, stealing, terrorism.

Edward
Go to the top of the page
 
+Quote Post
Kyuhan
post Jun 2 2005, 06:52 AM
Post #8


Moving Target
**

Group: Members
Posts: 276
Joined: 4-September 04
Member No.: 6,628



I know a few individuals who, if given a ransom like this, would instead invest their resources into finding the fools who highjacked'em...and then they'd make sure said fools would never again be able to use their hands for anything more than gesturing to their preferred liquid meals, forget typing.

However kryton has a point about framing others, in that light, this mindset would be bad.
Go to the top of the page
 
+Quote Post
Nikoli
post Jun 2 2005, 12:03 PM
Post #9


Chicago Survivor
*********

Group: Dumpshocked
Posts: 5,079
Joined: 28-January 04
From: Canton, GA
Member No.: 6,033



That mindset is often bad. Satisfying when properly applied, but still very bad.
Go to the top of the page
 
+Quote Post
Wounded Ronin
post Jun 2 2005, 03:52 PM
Post #10


Great Dragon
*********

Group: Members
Posts: 6,640
Joined: 6-June 04
Member No.: 6,383



QUOTE (Nikoli)
That mindset is often bad. Satisfying when properly applied, but still very bad.

Save the script kiddies?
Go to the top of the page
 
+Quote Post
hyzmarca
post Jun 3 2005, 03:46 AM
Post #11


Midnight Toker
**********

Group: Members
Posts: 7,686
Joined: 4-July 04
From: Zombie Drop Bear Santa's Workshop
Member No.: 6,456



QUOTE (Edward)
I donít think the vandalism laws (listed under destruction of property in Australia) scale to that kind of level. In fact I canít think of a way to do mor than about 100k worth of damage without being guilty of something worse than destruction of property, be it auto theft, arson, stealing, terrorism.

Edward

Give me a box cutter and take me to the Louvre. I'll show you how you can do 100k+ damage without being guilty of anything else.

That would actually be an interesting run. An argry artist or art collector paying some runners to publicly deface a priceless painting.
Go to the top of the page
 
+Quote Post
Wounded Ronin
post Jun 3 2005, 05:08 PM
Post #12


Great Dragon
*********

Group: Members
Posts: 6,640
Joined: 6-June 04
Member No.: 6,383



QUOTE (hyzmarca)
QUOTE (Edward @ Jun 1 2005, 05:14 PM)
I donít think the vandalism laws (listed under destruction of property in Australia) scale to that kind of level. In fact I canít think of a way to do mor than about 100k worth of damage without being guilty of something worse than destruction of property, be it auto theft, arson, stealing, terrorism.

Edward

Give me a box cutter and take me to the Louvre. I'll show you how you can do 100k+ damage without being guilty of anything else.

That would actually be an interesting run. An argry artist or art collector paying some runners to publicly deface a priceless painting.

And then anally dominate them with DNA evidence after the fact. I'll bet that in the heat of the moment a lot of the players would forget that using bodily secretions on a painting really isn't a good idea.
Go to the top of the page
 
+Quote Post
nezumi
post Jun 3 2005, 05:28 PM
Post #13


Incertum est quo loco te mors expectet;
*********

Group: Dumpshocked
Posts: 6,546
Joined: 24-October 03
From: DeeCee, U.S.
Member No.: 5,760



Errr... I think he was talking about slashing up the paintings, not bleeding on them, in which case bodily secretions shouldn't come into play unless you secrete box cutters.
Go to the top of the page
 
+Quote Post
Kagetenshi
post Jun 3 2005, 09:09 PM
Post #14


Manus Celer Dei
**********

Group: Dumpshocked
Posts: 16,950
Joined: 30-December 02
From: Boston
Member No.: 3,802



What we need are some more old-school viruses. Screw holding drives for ransom, random devastation or subtle long-term data loss is what it's really all about.

It's so sad seeing things get commercialized like this.

~J
Go to the top of the page
 
+Quote Post
Wounded Ronin
post Jun 4 2005, 03:32 PM
Post #15


Great Dragon
*********

Group: Members
Posts: 6,640
Joined: 6-June 04
Member No.: 6,383



QUOTE (nezumi)
Errr... I think he was talking about slashing up the paintings, not bleeding on them, in which case bodily secretions shouldn't come into play unless you secrete box cutters.

I dunno, the ultimate way to deface the Mona Lisa would be to ejaculate on her face, yes?
Go to the top of the page
 
+Quote Post
nezumi
post Jun 4 2005, 06:39 PM
Post #16


Incertum est quo loco te mors expectet;
*********

Group: Dumpshocked
Posts: 6,546
Joined: 24-October 03
From: DeeCee, U.S.
Member No.: 5,760



*chuckle* That would be pretty theatrical, but I can't imagine ANY running group that'd be willing to take quite that sort of a job.

I'm going to be laughing about that one for a while, though...
Go to the top of the page
 
+Quote Post
SkeevePlowse
post Jun 5 2005, 08:57 PM
Post #17


Target
*

Group: Members
Posts: 44
Joined: 22-May 05
Member No.: 7,406



Well, you can't forget the ever-popular 'set it on fire and then pee it out'.
Go to the top of the page
 
+Quote Post
Chibu
post Jun 5 2005, 09:48 PM
Post #18


Moving Target
**

Group: Members
Posts: 494
Joined: 19-February 05
From: Amazonia
Member No.: 7,102



QUOTE (Kagetenshi)
What we need are some more old-school viruses. Screw holding drives for ransom, random devastation or subtle long-term data loss is what it's really all about.

It's so sad seeing things get commercialized like this.

~J

you said it. People are now writing for braging writes. And that pisses me off. if i get a virus that someome made as a test of skill, fine by me, however, if it's for braging, or for destruction, i will hunt them down and they will not be happy about it ^-^.

And, the encryption worm, looks more like a test of someone's skill, and not wonton destruction. I think it was pretty neet.
Go to the top of the page
 
+Quote Post
Kagetenshi
post Jun 5 2005, 09:50 PM
Post #19


Manus Celer Dei
**********

Group: Dumpshocked
Posts: 16,950
Joined: 30-December 02
From: Boston
Member No.: 3,802



What we really need is another virus that will play us German folk tunes at random intervals.

~J
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 31st May 2023 - 03:56 AM

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.