Herbalist Dr MziziMkavu
JF-Expert Member
- Feb 3, 2009
- 42,314
- 33,108
Posted: Friday, January 29 2010 at 06:00 am CT by Bob Sullivan
Courtesy PandaLabs
Turning hijacked computers into cash is still hard work for most computer criminals. They've got to trick the infected PC into sending spam, then trick a recipient into buying a useless product -- or they have to steal online banking passwords, log onto a victims account, bypass the banks money transfer fraud controls, and so on.
It's much easier to just demand cash directly from infected users -- a crime that's the Internet's equivalent of kidnapping.
"Give me all your money or your computer gets it-" is the basic proposition.
The technique was dubbed "ransomware" many years ago by computer virus researchers, and is not new. What is new is the explosion of ransomware, thanks to the evolution of ever-more-believable tactics during recent months.
In December, the FBI issued a warning about a broader category of malicious programs called "rogueware. These programs appear on users' machines and claim to find viruses, then offer to clean them for $50. Rogueware looks so realistic -- complete with Windows-like dialog boxes and scary warnings -- that Web users were tricked into sending $150 million to criminals last year, the FBI says.
The new ransomware is similar, but far more aggressive. Once a computer is infected with it, the program does more than recommend a software purchase it simply won't let users continue to use their PC until they pay up.
Luis Corrons Granel, a researcher at Panda Security, said use of ransomware by criminals is exploding -- 25 percent of all rogueware in the past quarter involved a family of intimidating products named "TotalAntivirus. It demands that users pay $50 for two years, $79 for a lifetime license.
The increase (in ransomware) has been really significant, Granel said. A single family of ransomware programs called Total Security made up one-quarter of all rogueware programs detected during the past three months, he said.
To an average user, most rogueware would be indistinguishable from other standard antivirus products. They look like fully functional software, showing Windows-like screens for firewall settings, file scanning, and every other tab you'd expect from standard antivirus products. Total Security even lets users choose their language -- English, Spanish, and German are offered.
The switch to ransomware by the bad guys makes sense, says Peter Cassidy, spokesman for the Anti-Phishing Working Group -- because computer criminals are refining their programming methods, and getting more aggressive about taking people's money.
See ransomware in action with this video from PandaLabs.
"Instead of trying to fool people and getting one out of 1,000 to pay, what they're doing now is just locking up the PC and telling them they have to pay," he said. "It's a really violent approach, really nasty."
There might be one silver lining to the rise of ransomware, Cassidy said.
"It's not in that gray area of selling people useless crap," he said. Its clearly criminal, and extortion does get the attention of law enforcement officials.
As is customary, computer criminals are fusing this new attack with successful, older methods, said John Harrison, a security researcher at Symantec Corp. In one recent example, criminals first engaged in search engine "poisoning," so their booby-trapped Web sites would rate high in Google searches about Haitis earthquake. Visitors who clicked were tricked into downloading the ransomware software; and then were confronted with extortion demands.
"That's their distribution model," Harrison said -. "They used to do it subtly, but now they are doing it much more brazenly."
Screen capture provided by PandaLabs.
In some versions, users will see a message that says, "Google recommends you install this," or "Microsoft recommends you turn this feature on- then, they take over your computer and all of a sudden it looks like you have 900 viruses," he said.
The latest flavor of ransomware, described on Jan. 8 by security firm F-Secure, doesn't disable all software, but it does something just as debilitating -- it encrypts all the files on a victim's computer, and forces them to pay for decryption. The program, which calls itself Data Doctor 2010, costs $89.
RED TAPE WRESTLING TIPS
In some cases, researchers say, paying the ransom does work, at least initially. Still, it's a terrible idea to pay. On a grand scale, you've just subsidized a criminal. But there are far more practical concerns -- why would you trust the author of ransomware with your credit card number? Perhaps you think you'd never do this, but remember, the FBI says rogueware writers have made $150 million, so someone is paying up.
If an unexpected antivirus dialog box lands on your computer screen, close the window immediately by clicking on the 'x' in the upper-right hand corner. Don't use the "OK/Cancel" buttons in the window -- criminals often reprogram these.
You may or may not be infected anyway -- it's possible you are already the victim of a "drive-by download" that doesn't require user interaction. So run an antivirus scan, if you can.
If the rogue software has actually taken over your computer, physically disconnect it from the Internet to avoid having your personal information sent back to the criminal. Then go to a different computer to search for solutions. Type in the name of the rogue software and search for information on well-known antivirus Web sites. Many antivirus firms offer free cleaners you can download or place onto a USB memory stick, and run on your infected computer.
But maintain healthy suspicion at all times. Ransomware authors have gone so far as to create fake software reviews about their products and place them around the Internet, even stealing logos from reputable technology publications, says Harrison.
"The idea is you search for information about the program and this turns up, and you figure it's ok so you install it," he said. "Some of this is soft sell, some is very hard sell."
As always, its never a good idea to follow links in e-mails when heading to Web sites it takes an extra moment, but always click into your browsers address bar and manually type the address.
Become a Red Tape Chronicles Facebook fan or follow me at http://twitter.com/RedTapeChron
EMAIL THIS
197 COMMENTS
Mac users need to remember that they are NOT invulnerable... it's simply that Macs weren't targeted for so long because they comprised such a small percentage of the target base. It simply wasn't "cost-effective." Linux by nature is open source, and since it's relatively similar to Windows it's not difficult to target with no or few tweaks.
"Drive-by downloads" can occur at any time - any time you visit a webpage, all the images, embedded, videos, etc. need to download - it's not hard to embed a hidden file that will also download at the same time and then !BAM! you've got the virus/trojan/worm/etc. You may never see a pop-up; you may never have to click on anything.
Safest of all is to simply never hook your computer up to the internet, but obviously that's not practical. Use a good trusted anti-virus program such as Norton or McAfee, update it at least once ever month (once per week is better; once per day best of all), get and USE a good strong firewall (Windows Firewall is good but you should get a stronger, secondary one - remember, you get what you pay for), and use a proxy server if you can to help "hide" your computer. Also make sure, whatever web browser you use, to go into Internet Options (or the equivalent) and set all the security settings so that nothing downloads without your permission (most of this will be on the "Advanced" tab). If you don't want to set it to "never," such as for Java applets you might actually want (games, for ex.), then set it to ask you each time.
Don't forget to check the BBB before buying ANY software - make sure the company's legit!
M. Kenal (Sent Jan 29, 2010 3:23:47 PM)
These can be quite painful on an infected user often disabling internet access, antivirus software, system restore and the task manager.. but it has to load up just like other software to function correctly.. so restart your computer and before anything has a chance to load up press ctrl+alt+delete click on task manager and then click the processes tab.. there you will see the various processes being run on your computer.. at the top of the list will be where the most recent programs are loading.. watch for programs(.exe) that dont appear to belong(it would help if you got an idea of what programs normally run when your computer is not infected)when you see one of these programs pop up right click it and end its process.. you will have to end several processes as this software really wants to run.. after you have ended these processes you'll find that you have enough functionality to be able to either use your virus scanner or find what you need online.. I hope this information helps those that cant afford to bring it to someone and dont have the luxury of a spare computer..
Michael Butte, MT. (Sent Jan 29, 2010 3:21:35 PM)
I am a computer tech and lately have been dealing with these issues. Best way is to shutdown the computer and restart in safe mode with networking. Download Malwarebytes and run it. Do a full scan and after it finds the infected objects, it will prompt you to remove them and it restarts to finish cleaning process. Boot normally and run the scan again in quick mode. Mostly the second scan cleans up the system. Combofix is also a good alternative. Hopefully it will help some of you out there. Its a simple process and can be done by an average user. Good luck.
Jason, Ca (Sent Jan 29, 2010 3:21:08 PM)
I am really sick of mac users popping off about not having security problems. The fact is Apple does not take security seriously and mac software is significantly more vulnerable then Windows. At any given time there are several times the number of known security holes in the mac os than in Windows. (example article from a quick Google search: http://blogs.zdnet.com/security/?p=758 ) Microsoft patches its applications much faster than Apple. Apple has shown a negligent disregard for security in all its products - iPhone, iPod, etc... (have not looked at iPad - probably won't, my 1 year old HTC phone has more computing power than the iPad) Apple needs to end it's arrogance and start producing quality gear! This head in the sand attitude by mac users is going to get them in trouble. The security of Apple products is so bad we don't even allow them on our corporate network any more. This includes iPhones and iPods. Note: I have 15 years experience in software development, worked with both windows and mac.
efore elmo (Sent Jan 29, 2010 3:17:41 PM)
I got an infection like that in my work computer. I was just doing some innocent research on Google, when this insidious message re: "Security Tool" popped up and kept popping up. It just would not go away until a microsystems technician installed a program to find and delete "malware". I lost the wallpaper and Sophos anti-virus software, but everything else is OK.
Jeff Knight, Miami, FL (Sent Jan 29, 2010 3:16:59 PM)
This just happend to me in December. I got the exact same pop up box that appears in the beginning of this article. I purchased Norton Anti Virus Spyware and it removed this immediately. However, I will tell you I almost gave them my credit card information. I'm glad that my gut feeling told me not to. If not I would have been a victim of this scam myself.
Lourdes, Easton, PA (Sent Jan 29, 2010 3:16:41 PM)
I use Spybot, another free malware removal tool, and it kills the malware even before it starts changing anything in your registry or any files on your computer.
Dalitso, Fort Worth, Tx (Sent Jan 29, 2010 3:08:52 PM)
I don't get you guys. I have never had a problem like this on my computers. I don't even use anti virus anymore, I just run some anti spyware scans every few weeks. I don't know what the heck you are all doing online but maybe a little common sense about the way you use your computer will help. onling gaming, porn, casino sites, downloading movies and music, screwing with social networking add-on apps; with all of these things you are just begging to get slammed with spyware/malware/viruses so make sure you have proper security protection. its like going to a whorehouse and not bringing and using condoms. its not the technology - its your behavior that needs to change. take some responsibility for your online actions.
feeyishes, san diego (Sent Jan 29, 2010 3:06:30 PM)
I think the real computer security companies have been secretly creating/funding/supporting viruses for a while. Without real threats you can't sell the solution.
jake, minneapolis, mn (Sent Jan 29, 2010 3:04:33 PM)
Smart little buggers.
My parents had this on their home computer about 2 weeks ago. It blocked internet explorer and gave a message as described. The messages said things like identity theft attempt, email compromised, etc etc. First I did a scan through windows, which did find a critical virus and removed it. Good for 2 days and then it was back. Downloaded AVG free(it's really totally free, not a trial) and ran that. Havn't had a problem since but I'm not sure I actually got rid of it or if it's just dormant(like it was for 2 days). Computers not even a year old.
jake, minneapolis, mn (Sent Jan 29, 2010 2:59:43 PM)
It needs to be remembered that it isn't the website itself that is suspect. It is the advertisments within that page that starts the whole nasty infection process. I had the New York Times site try to pop me before I moved to Windows 7.
DS (Sent Jan 29, 2010 2:59:01 PM)
www.malwarebytes.org Readers Lets Get some kind of pitition for US Congressional Recognition for this Corp that FREELY HELPED US CASH STAPPERS. Coodos to malwarebytes I ReallY thank these Guys/Gals being of a budget as I and I know others are, they make gold free to use ,I wish we can include them on our taxes so they can receive some type of credit from the government for helpping so mant in this economy ( low cash) so that career seekers can continue to job search without thier computers being held ransom
SAM PHIARRAPI@YAHOO.COM
sam (Sent Jan 29, 2010 2:57:06 PM)
"After talking to Microsoft technical support about not being able to connect to the internet, I later installed OneCare by Microsoft. Best anti-virus yet- and the best technical support!"
Maybe, but Microsft announced OneCare is being discontinued. It's already no longer available for sale, and once your subscription runs out you will no longer be supported...
Bottom line, I'm glad it worked, but it's not a realistic solution anymore.
Steve Sprinkle, Hampton VA (Sent Jan 29, 2010 2:54:46 PM)
I've had success removing this type of deeply embedded, malicious software from machines by removing the hard drive from the infected machine, setting it as a slave drive, installing it into a clean machine, booting the clean machine normally, and running virus scan (AVG Free) on the infected drive. It's a little time consuming, but a lot easier than trying to manually clean the machine. Just make sure you boot from the clean drive, or else the infected drive will probably infect the clean drive.
Adrian, Miami, FL (Sent Jan 29, 2010 2:48:12 PM)
j9...You have some serious issues.You obviously think porn is the death of civilization as we know it.Anyone that uses the internet is,in one way or another,just an innocent click away from an infection.Be it a rogue,or a virus.Do some homework.Look at some security forums.READ SOMETHING.And get a grip.Porn,in itself,is NOT the problem.Just a tiny fragment of this puzzle.
John Saginaw Mi. (Sent Jan 29, 2010 2:40:52 PM)
Dallas... you hit it right on when you said...
"I strongly believe that the Anti-virus software companies are the ones that launch these viruses to continue to sell and profit from customers".
TOTALLY AGREE!!
They think we don't know their true profit is based on the "fixes", not virus prevention/ protection. And even assuming they are not the ones bombarding people's pc's with viruses or paying under the table to rogue individuals to do so, then I bet they are pretty happy such criminals do exist. Because that's the way they make the big bucs! They don't want the problem to go away. If it does go away, then their lucrative dirty lil' business goes away too! So they perpetuate it by joining forces with the criminals and thus becoming the problem themselves.
The Anti-Virus Software industry is nothing but an established mafia and the entire world is their playground. It's a shame the government has allowed them to stay in business for so long. You don't need to be a genious to know they are the ones with the dirty tricks. They are either planting the viruses themselves or hiring criminals to do it for them in order to force users to buy more and more anti-virus software or pay for upgrades every year. It's a round business! Everybody wins, except us..
I wouldn't be surprized to learn that other industries are in conspiration with the anti-virus software developers.. like the PC makers. It makes sense.. the more PC's break down the more new PC's will be sold.
Pokerface (Sent Jan 29, 2010 2:40:16 PM)
"I have a Mac, and I'm Sooooo smart!"
--Smart you may be, but you are also an arrogant pr1ck.
Haywood Jablome (Sent Jan 29, 2010 2:39:36 PM)
I have to agree that it is not just porn sites. I was searching for an IEEE article and it popped up in multiple locations. I clicked on one link, and well, it wasn't the IEEE article.
And no, IEEE ain't porn, unless you are an Electrical Engineer.
They create fake sites that mirror or mimic legitimate sites, and then they load these Trojans.
Had it happen last year on a different computer) and I had to reformat the hard drive (again, windows ran better as a result!).
I have six computers, and try to double, triple, or quadruple backup my data. Also, I am putting more and more in the "cloud" as well. So even if one machine is hacked, at least I don't lose any data.
Save those older computers, put them on your network, and backup your data to them occasionally.
Joe Patent (Sent Jan 29, 2010 2:37:38 PM)
Use Linux and you wont have any of these problems!
-Or use Windows as your main OS then dual boot with Linux (surf the internet with Linux only).
-Or use Windows as your main OS and use VMWare to virtually boot Linux and surf the internet only in Linux.
Brad K (Sent Jan 29, 2010 2:35:58 PM)
Malwarebytes worked for me. I tried to run a scan using Mcafee, but the virus would shut it down. I had to use another computer to find this solution. I had to shut down the process using the task manager, download malwarebytes, scan and remove, then I could run a scan with my AV, which still found 39 viruses. Then I still had the pop-ups until I removed all the program files. My puter was down for two days.
kevin, nova (Sent Jan 29, 2010 2:35:42 PM)
My Mom got hit by a paricularly bad one twice (it took me 4 hours to clean her computer the first time. Wouldn't let most programs run except for Internet Explorer and that kept taking her to the fake anti-virus web site. She basically had a tan screen with no toolbars. Before she called me she was going to pay - the only thing that stopped her was that she still uses dial-up and the malware stopped her ISP software from running...in some sort of pyrrhic victory, their own malware stopped them from preying on my Mom...
Steve Sprinkle, Hampton VA (Sent Jan 29, 2010 2:34:34 PM)
Had this happen the other day. It really made a mess of things and I had to re-install windows. I did not lose any data, but I wasted about a half a day re-installing all my software (bonus, the computer runs faster now).
Spybot and Malwarebytes helped clean out the remnants. I am not sure how I even got this Trojan - from a website or what?
I try to tell friends about this, but particularly older people tend to trust anything with a trademarked logo on it. So if it says "Windows has found a virus, click here!" they click, never mind that Windows, by itself, doesn't "find viruses".
The Internet is too important as a means of commerce (not all of us are just on Facebook!) to let this happen.
Of course, some anti-virus companies are just happy with things they way they are. Fear sells, and some of my older friends have paid good money to the "legitimate" anti-virus companies, and have so much software running in the background now that their computers barely run.
Joe Patent (Sent Jan 29, 2010 2:31:54 PM)
try avast home edition. and yes, one is made for linux users as well. when following a link. dont be a lazy american. (or lazy in general) dont even follow the link. type it in your browser. not sure o fthe link or site? then dont go. and you wont have a problem. viruses etc dont just randomly appear as if some sort of e-fairy put them there. its your fault. you go. you get. you get screwed. be cautious and weary. just assume that every website out there is out to get your money. ( oh wait, they ARE).
ccleaner is aloso cool as well, while it isnt really for anti virus, its great for keeping your system fast and fresh. both are foun d at avast.com and ccleaner.com i use them both, and i have had no troubles at all. and for the record...linux pwns
send me an email if you need anytihng further. i will be happy to help
happy linux guy the Z (Sent Jan 29, 2010 2:30:58 PM)
Something that I don't agree with in this article is just "removing" the virus with tools. Personally, I never trust a computer once it's been comprimised by something major like this. I would reformat the hard drive, use a Virus checker liveCD to check all of my files on another drive, and then reinstall Windows. Once you're been comprimised like this, it's very hard to tell if you're completely safe, they may have left a back door in somewhere, to make it easier to infect you again, or they might have deleted a critical system file, or some other incident that can cripple or make the computer unsafe to use again
Elliot Womack, Aragon, Georgia (Sent Jan 29, 2010 2:30:48 PM)
If these things come from ads, would it help to install an add-in like AdBlockerPlus to your Web browser? I have it on Firefox purely because I have no interest in seeing ads when I'm online. Does it help with security too?
what.choo.got, Somewhere, Midwest (Sent Jan 29, 2010 2:29:36 PM)
I have a Mac, and I'm Sooooo smart!
Please, read what everyone else is saying.
Johnn Doe, Seattle Wash. (Sent Jan 29, 2010 2:26:15 PM)
Clicking 'Cancel' or even the 'X' button can execute any code the programmer wishes. If it isn't too late, kill the browser from Task Manager. With IE, there's a good chance that it is already too late.
As for Mac and Linux users, you are only immune from Windows-based malware. You are still very vulnerable to Mac or Linux malware. Where on Earth did the idea that Macs or Linux PCs are invulnerable come from? From what I hear, and I don't have the details, even Apple introduced an anti-malware component into Snow Leopard. If Macs were invulnerable to malware, you wouldn't need anti-malware. Would you?
AlBme, NYC, New York (Sent Jan 29, 2010 2:26:06 PM)
Masman: MAC's get infected too. We are seeing it more and more. The reason is, as MACs get more popular, there are more machines to infect. In the past hackers have not focused on MACs because the market was small. Why infect 100 people (Just an example with easy numbers) on MACs when you can ifect 1000 on PCs. Sadly, it makes some sense. Either way, this software is annoying to say the very least.
Rob, Las Vegas, NV (Sent Jan 29, 2010 2:26:00 PM)
Even clicking the 'x' can be dangerous, that button can be re-prgrammed as well. Try Holding down 'alt' and pressing 'F4', this will kill the connection to the "top" window without acknowledging it. Save your work, then disconnect from the internet.
Rob, Las Vegas, NV (Sent Jan 29, 2010 2:22:58 PM)
These people should be EASY to stop. The credit card company has RECORDS OF WHERE THE MONEY WENT!!!!!! Just find out who received the cash and sue them into oblivion!
Renee Marie Jones, Phoenix, AZ (Sent Jan 29, 2010 2:18:42 PM)
Best way to avoid this stuff is when it does pop up on the screen, use your Task Manager to close the "aaplication". Hit CTRL+ALT+DEL keys at once (Control and Alternate and Delete keys) or right click on Start/Program bar and choose Task Manager, click the Applications tab and if you see something out of the oridinary right click and choose End Task. May have to do it once or twice. Also you can check in the Processes tab as well. Never ever click the Close button or the white "X" in the red box in upper right hand corner. Most of these are just large graphics with hyperlinks attached or will start to install a file no matter where you click.
WSSW from SWFL (Sent Jan 29, 2010 2:18:13 PM)
y wife got her Winblows laptop infected with one of
these hijacking viruses recently in spite of having a
current copy of McAfee running. After about a day of disinfecting it I got it back to normal, then
decided to run a Windows Update. Now it only boots
into the Blue Screen of Death.
It now runs PuppyLinux.
Good riddance!
Uwe, Nashua, NH (Sent Jan 29, 2010 2:14:58 PM)
Why don't all you brilliant programmers develop a counterattack program to infect the attacker's puter and make some real money ???
Denny Seattle,Wa. (Sent Jan 29, 2010 2:14:23 PM)
I'd strongly recommend Web of Trust for a lot of peeps out there. www.mywot.com
It's a *Firefox* add-on which works with a user base of people like us. Sites are rated based on their reputation and content. The ratings are displayed next to links, which is nice.
It's not a full proof way of keeping junk out, but I've personally found it *very* useful for keeping away from shady sites when doing my browsing. It's yet to point me in a bad direction.
There's also the *Firefox* add-on, NoScript, which only allows Java and Flash on sites you trust. Very useful.
Michael, Grand Rapids, Michigan (Sent Jan 29, 2010 2:13:45 PM)
I've had friends and co-workers infected with something very similar. Basically we wiped the machines, re-installed everything and they started all over .. .
They now pay attention to where they go and what they do. Once bit . .twice shy . .
Ann, NH (Sent Jan 29, 2010 2:12:10 PM)
No, DB in New Hampshire.....not too strong!
DW, Texas (Sent Jan 29, 2010 2:12:00 PM)
I cleaned this nonsense....titled Personal Security 'authorand Internet Security 2010 but clearly from the same "author"....from my neighbor's computer three times last week, and since I have dug around in his computer from start to finish and he has NEVER been on a porn site on it. Once you have done it a couple of times, it's surprisingly easy to get rid of.
Boot up in safe mode, download and run Malwarebytes (available free from ZDnet as well as other places). Then download Spybot Search and Destroy and AVG, both also free from the same sources, and run those.
Next you want to do a system restore to a time well before the infestation. You may have to do this a couple of times, but it will ultimately do the trick, and the good news is that it takes less time each time.
Another good thing to tell the folks whose computers you are powerwashing (LOL)is that if they see anything downloading that they didn't click to download, YANK THE PHONE CORD!!!!!!
We finally tracked my neighbor's problem to a game site called flyordie.com that a friend was accessing on his computer to play chess.
The first cleanup took almost nine hours. The second one took about four. The third took only about 45 minutes, because the guy was standing there when it started and yanked the phone line.
Tired tech, West Baden Springs, IN (Sent Jan 29, 2010 2:11:28 PM)
Use AVG, either the free version or the paid version. I've used it for YEARS, my husband, with a Computer Science degree uses it. We've never had a virus that it didn't catch. Also, we use Sygate firewall, not sure if they're still around, but, again, we have no problems. I tried Symantec, McAfee and Norton before switching to AVG. All of those used so much more hard drive space, cpu power, and were really invasive. They slowed down so many programs and when I got tired of it I had a hard time fully uninstalling them.
Or, if you want to be really safe and stick it to the man ^^ switch to a Linux OS. There are some drawbacks, such as we can't play one of our favorite online games with a Linux OS, but that's why we have more than one computer around. Ubuntu is great, and for those with more experience or who want to learn and mess around more, try Debian.
My work computer recently got one of these viruses that look like part of Microsoft Security Center. I got so fed up with it that I switched to Debian and absolutely LOVE it.
Lisa, Seattle WA (Sent Jan 29, 2010 2:10:22 PM)
I forgot to add that it's critical to patch applications, especially Adobe Reader, Adobe Flash, Quicktime and anything Oracle. Go to Help, Check for Updates. While these may automatically check for updates, they often are primary routes for infection and aren't updated by their vendors nearly as often as they should be.
Contrary to popular belief, Microsoft has an excellent reputation in the information security community for it's security maturity. They had to get better, because the business market beat them over the head for years about it, then the EU joined in. Their 'Patch Tuesday' is an industry-best in that it's now baked-in to regular operations maintenance. Their security research teams are world-class.
All software can be compromised because of code complexity, poor engineering and the need for backwards compatibility. Microsoft isn't perfect, but they've made a vast improvement because the market made them do so.
Apple, on the other hand, is known for lagging with their updates and sometimes releases barely functional ones, like their failed DNS patch last year. Oracle is notorious for buggy software.
Linux is good, especially Ubuntu. But, there are a lot of Linux issues too, which is a trade-off with open-source. Last year, hackers managed to poison the OS kernel repository but fortunately it was caught.
It's a never-ending fight, and yes, you do have to 'pay attention to the man behind the curtain'...
Bill W, Gig Harbor, Washington (Sent Jan 29, 2010 2:10:18 PM)
I had this exact type of virus happen to me last month.Cost me 79.00 to get repaired. I asked the `tech guy what I can do to try and prevent it from happeng again. He gave me a few pointers.
If your not sure about your e mails, simply delete them before opening, stay away from sites such as porn, shady type sites, etc. These are usually an accident waiting to happen he says. After I got my system home and set up, everything was back to normal until the other nght. Another sign says I was infected. I remember what the `tech told me to do. I shut down the computer, re-stared it, ran a anti-malware scan which the `techs installed while in the shop. After the scan, there were 16 viruses. it asked to remove, which I did and everything has been normal since. They are out there. We have got to learn how to counter them at their own game. just like any other `Con
K. Jones, Saint George, Utah (Sent Jan 29, 2010 2:09:58 PM)
So what if someone IS looking at porn, its our in-alienable right wo wank. I hate Malware because it interrupts my ejaculation. It sucks to have a raging boner and suddenly have to disconnect from the net and re-boot...frantically trying to get back to some good porn so you can finish LOL
Don - Brazoria, TX (Sent Jan 29, 2010 2:09:16 PM)
My laptop was affected with a similar virus last week. I spent many hours to fix it and didn't want to give away control of my pc. After installing many anti-virus programs, malware removal I was able to restore it.
The virus was so wacky that it took control of TaskManager, RegEdit, Wireless connection. It looks exactly like an anti virus program with a title 'Anti-Virus 2010 removal'. Would recommend that one should have Avast Anti-Virus, Malaware Malabyte, HitManPro and bunch of other utils.
SJ, Fremont, CA (Sent Jan 29, 2010 2:07:04 PM)
Half of your virus protection lands at your fingertips. If you get an email or see something that looks like it is off, most likely it is. I have personally caught a dozen attempts this way before the antivirus had the chance to say so...and Norton got the rest. Good virus protection is cheap insurance. Sure, the computer is a few hundred or a few thousand perhaps...but what is your time, aggrivation, and lost data worth to you.
Trust your instincts. If it looks wrong or out of place or plain doesn't make sense, be wary of it.
David, Cheyenne, Wyoming (Sent Jan 29, 2010 2:06:54 PM)
Was hit with this very same attack a few months ago. I fixed the problem by turning off the computer and starting up in safe mode. This allow me access to the software on the computer that the malicious program would not allow otherwise. I found the malicious program embedded in my startup program list on my antivirus program. This meant that no matter what i did so long as that start up program was allowed to proceed the malicious software would take over. By starting in safe mode i was allowed to start without the startup in the antivirus program. The fix was to simply delete the program from the start up menu. Then remove the program from the computer all together. Then run antivirus program. Then run system restore to an earlier date of safety.
TA, Atlanta,Ga (Sent Jan 29, 2010 2:05:33 PM)
These can come from anywhere. I almost got hit with one from a video someone sent me on Facebook a few months back, but Firefox blocked the drive-by download.
Timothy, Florida (Sent Jan 29, 2010 2:05:15 PM)
"Macs are far from immune to hacking, it's just that the numbers right now don't make sense." Please stop spreading this fallacy. Macs are more secure because of the UNIX based operating system. It has nothing to do with the marketshare. And that "hack" contest you referred to? That was a web browser plugin, and it was patched immediately. There have been no actual OS X worms to date, and no malware like the cruft that affects Windows on a daily basis.
That being said, Microsoft Security Essentials is a decent (and FREE) product. Microsoft bought out an antivirus company a few years ago and rolled out this product. It's beaten Avast and AVG in many cases. Another tip is to use Firefox and stop using Outlook and Internet Explorer. Keep stuff up to date, too!
(source: 20+ years herding computers around)
Bob, Dallas, TX (Sent Jan 29, 2010 2:04:21 PM)
I just yesterday, had to reformat and fresh install the OS. This was on a business computer, and the user was at the Turbo Tax web site, and all hell broke loose. I ran a virus scan in safe mode and it found no viruses or other malware, but when I rebooted, there it all was again. I have "cleaned" perhaps 20 systems in the past year and the only way I was able to get rid of this was a reformat and fresh install of the OS. This could be stopped by the "Powers That Be", but it is not a high enough priority. Just some thoughts.
John Doe, Seattle, WA (Sent Jan 29, 2010 2:04:16 PM)
I tried everything to get rid of ransomware program. Finally I reset my computer back a couple days prior to getting the "virus" and it worked. Program disappeared and no problems since.
Riptide (Sent Jan 29, 2010 2:03:31 PM)
After talking to Microsoft technical support about not being able to connect to the internet, I later installed OneCare by Microsoft. Best anti-virus yet- and the best technical support!
HP, Ypsilanti, MI (Sent Jan 29, 2010 2:02:59 PM)
I recieved mine, when I googled for "election results 2009" on election Day-hardly porn. I finally did a complete OS re-install to get rid of it. There is all kinds of software out there that claim to get rid of it-don't waste your time. My friendly IT person said to avoid google as a search engine, instead use yahoo or Bing- these search engines will filter and give you a heads up prior to your searched site.
EJH (Sent Jan 29, 2010 2:01:35 PM)
Worth repeating, get a MAC, no more problems. I was fed up with these exact problems for the last 6 months, I transferred everything onto my new Mac and tossed the old computer out. With the money I have spent on virus software and repair people who really couldn't figure out the problem I could have bought a new Mac in the first place. When I asked about virus software for my new purchase, I was told I don't need any. The four salespeople in the electronics store I purchased my new computer ALL own MACS.
tina, santa ana, CA (Sent Jan 29, 2010 2:01:11 PM)
We got one called Antivirus Pro. It looked unbelievably real and shut down our entire system. We ended up bringing it to a computer repair place to fix. They installed Malwarebytes and it took care of the problem. There's a free version of Malwarebytes available for download on the internet. Just fyi, the free version requires you to update it manually - only the paid version does it automatically. That's very easy though.
M, Hartford, CT (Sent Jan 29, 2010 2:00:19 PM)
If clicking 'X' does not work try pressing ALT+F4. This will close the active open window.
P, Milwaukee WI (Sent Jan 29, 2010 1:59:12 PM)
It doesn't matter where it came from. The best solution is to do frequent backups of your data to a backup HDD. Have a second HDD configured with your OS & APPS sitting in your desk as a spare to the one in your computer. Then when (not if) you get zapped, do the following:
Procedure 1
1) Swap HDDs on the computer
2) Reload your data from the backup HDD
3) Get all of the new security updates for the OS on the new HDD
4) Go back to work
....
Then, later, at your leisure:
Procedure 2
1) Swap the infected HDD back
2) WIPE IT FLAT & FORMAT IT - for XP, Vista, & W-7, do this by setting the boot device to CD & boot from the installation CD. Proceed from there.
3) Reload your OS & get all of the security updates
...
4) Swap it out and put it in storage (for the next time you are hacked)
5) Swap in your working HDD and go back to work
...
Note: This is also a good practice for an HDD head crash. ... Not mal-ware this time, simply a hardware failure. They ***do*** happen. I have had two HDD failures of this kind in the past 10 years.
In this case, perform Procedure 1, then smash the broken HDD with a hammer and toss it into the trash. Purchase a replacement HDD, format it and load it with your OS & APPS. It will be your new reserve (backup HDD).
(Secret tip: M-Soft has a limit on how often you can re-load MS-Office software on a computer. If you hit this limit, call the 800 number on the denial popup window, give your explanation - reloading after virus attack or HDD head crash - and M-Soft will give you a new license key. You will need your CD and box with the original license key when you call.)
And, of course, you have retained a copy of all of your OS & applications CDs together in a storage tote so that you can 1) easily rebuild your system & 2) prove that you are the rightful owner and user of the software on your computer, if asked. It's only common sense.
PS. The folks at BSA.org can fine you, or sue you in court, if you have pirated software, or legitimate and you can't verify the source of your software. Individuals are usually not targets, however, employers are. An angry employee, who was laid off a few years ago, got revenge on his employer by sending in a tip to BSA.org. The employer had sloppy records (and some pirated software). The end result was a 7 figure fine! I was there & saw it all go down.
DE, Minneapolis, MN (Sent Jan 29, 2010 1:57:49 PM)
I manage an IT department and we've been finding this on Windows and Mac machines. Even our sharpest engineers are getting ransomware infections. Our latest installations of Trend don't detect this stuff. Just about the only tool that's been able to reliably remove this stuff is Malwarebytes, but that's only AFTER the machines get infected. Oh, and if it's a Mac, forget about it. That segment of the market is wholly unprepared and unsupported in the case of virus attack. The ignorant users that Macs attract with wide-open wallets for the machines they're buying is a RIPE target for the jerks who write this malicious code. They're criminals, plain and simple. If they write malware in different spoken languages then they'll write malware in different computer languages to get the most $ possible from us. Good luck everyone - and remember to thank your IT department - they have to deal with this stuff every day!
James G, Reston, VA (Sent Jan 29, 2010 1:57:11 PM)
I had two computers infected and refused to pay the ransom, I turned each off for 5 days and it went away.
Here's my question, how hard can it be for the FBI to track these web hijackers and make arrests and convictions...is it just not a priority to them?
dan pedley, brentwood, tenn (Sent Jan 29, 2010 1:57:05 PM)
How funny. J9 baited all of you just like the malware folks in the article. Got the response they were looking for. Anyway, it is true you can pick one up anywhere. I got one last year surfing around for review on new truck tires.
PR, Tx (Sent Jan 29, 2010 1:56:51 PM)
Ohhhh myyy goodness !!! That's why my laptop has crashed. Poor laptop, it underwent all of the symptoms stated in the article as well as in the "Comments" section. However, the virus does not let me access the the internet at all, so how I can fix it ? Hellllppp !!!
Mimi, Los Angeles (Sent Jan 29, 2010 1:55:53 PM)
Recently got one of those and it blocked my use of symantic. I used Adaware, the free version, and it removed it. then I used spydoctor,another free program. this took out more garbage. After that I was able to use my anti virus software. What a pain.
ZAP (Sent Jan 29, 2010 1:54:06 PM)
I do PC repair and I have to say that I have not had to repair a Vista or "7" PC for the types of malware that my "frequent fliers" have suffered from. Removing system level privs for apps like IE has been fantastic... though not for my bottom line. If you are a geek like me, stay with XP. If you have young click-happy kids, or are getting a PC for grandma, go for Windows 6 or greater... or Ubuntu and really confuse the tar out of them.
Rob, Rochester, NY (Sent Jan 29, 2010 1:52:52 PM)
Also, my PC got infected while my wife was on Facebook. She tried to close the pop-up and it automatically downloaded when she clicked on the "Close" button.
Bishop, Louisville, KY (Sent Jan 29, 2010 1:52:36 PM)
I get a chuckle out of these "get a Mac" guys.
I do a lot of video editing, and with a pc I can choose from 1,000 programs--and have different ones for different uses. With a Mac, I'd have to use the one that came with the Mac.
Jeremy (Sent Jan 29, 2010 1:50:59 PM)
My 5 year old computer was hit with this about 2 months ago, and it screwed it up so badly that I had to get a new system. Even now with the new system, I guess that since the criminals still have the virtual path back to my IP address, my new system is being contacted daily in an attempt to get into it. I bought a much more comprehensive firewall and anti virus program, but it is uncomfortable to know that they are knocking on the back door every day. How do I stop this?
GM, Doylestown PA (Sent Jan 29, 2010 1:48:51 PM)
I just got attacked 2 days ago by one of these ransomeware type programs.. just before I was to start work. I had received a message from McAfee that a trojan was detected and taken care of and then about 15 minutes later I had issues. I happened to pop on Facebook doing my usual stuff, stepped away for a hot second and came back and this program was running. I wasn't paying for this hijacked crap because I already have one... duh! Well, I couldn't shut it off, everything locked up. I was livid, needless to say, as I still have a month left on my McAfee subscription before renewal. Shut everything down and took CPU to Office Depot. I was made aware of the malware. The tech guy was nice enough to download a free malware remover.. so no more issues for now. AND I didn't have the $169 to do a total clean and tweak performance of my system at the time (maybe later).... I wondered if it was a gimmick ploy too because my McAfee subscription only has a month left before renewal and now all of a sudden this happens and I wondered if it was a scare tactic and I mentioned it to the tech guy (he did have a look on his face like I discovered a big secret). I DON'T SURF PORN sites and I try to be careful where I surf - I have a husband at home, so why look elsewhere... LOL! The only thing I can think of that this could have possibly come from Facebook. Now when I have to step away from my computer I enable my Firewall so nothing gets in or out until I come back. It is a pain in the butt, but for now works for me. I like the one person that feels that their Anti-virus/spyware programs should be able to handle this nuiscance and they dropped the ball big time!
SheShe, Ypsilanti, MI (Sent Jan 29, 2010 1:48:50 PM)
if you catch the infection in the early stages you can remove it with a system restore or malwarebytes. the current version has the upper hand though so getting if off will require a full system restore.
amado, san antonio, tx (Sent Jan 29, 2010 1:47:21 PM)
Happened to me last month. luckily i managed to stop it early by turning off my pc and using another laptop and doing alot of reading...two software programs i ised to clean my pc from being hijacked was Malwarebyts Anti Malware and this is the better of the two is called HiJackThis by Trend Micro Inc. All were free to download. HijackThis is very easy and most importantly work very well. My advise is to do alot of reading into the type of virus you may have and stick to big name software companys offering free antivirus software that you are familiar with....good luck
LvnInOc, Fountain Valley, Ca. (Sent Jan 29, 2010 1:47:13 PM)
I work as a desktop technician for a sizable company where we've gotten some of these programs on our machines. The users are not administrators (they're Power Users), so you don't have to have the rights to make system registry changes. In adition, many "risky" sites, such as pornography and file download sites are blocked, yet they still get it.
Once these programs take hold, it is difficult to remove them. I've had good luck with Malwarebytes, and sometimes in conjunction with CCleaner. However, even these have failed to eliminate some truly dug-in ransomware. Some of these programs even delete restore points once they are established. I've been able to clear them out by finding every scrap within the registry (including the hash values that aren't there by name), but even this likely leaves some traces. I'm ecstatic that this article was written, as this has been getting worse over the last couple of years.
Brad, Des Moines, IA (Sent Jan 29, 2010 1:46:54 PM)
The problem is virtually uncontrollable... There are easy, but time-expensive ways to stop those guys in their tracks BUT, the steps would have to be taken by the web-development community, not by end-users and virtually no-one (except of banks and such) wants to pay premium for writing security-conscious websites.
Essentially all websites would have to be written to run with high security settings, and that means just HTML and JScript/DOM for dynamic content and NO add-on functionality in a browser. It is horribly time and skill intense to write good desktop-experience-level dynamic web applications without Java VM, Flash, ActiveX and Silverlight. Virtually no-one wants to pay for it. Very few guys I know can even do it.
Still, even all that would not prevent somebody just downloading and running an executable.
Pax (Sent Jan 29, 2010 1:46:34 PM)
I got hit and it wasn't $49 charged to me, I had a charge for $99 show up, now trying to get at least part of the $ back.
EAC, Washington DC (Sent Jan 29, 2010 1:46:17 PM)
Microsoft allows their products to be compromised. The "legit" security software makers are no better than the outright extortionists. They all profit from flawed products, tricks, misdirection and empty promises of safety for a protection fee. Holy Godfather Batman!
They all cultivate consumer fear and promote threats, real and imagined, to make money. At least when the 1920 thugs shook down the poor old pizza maker for protection money, they actually left the guy alone until next payment came due.
Now, you give some "respected" AV software company your money. If you get infected anyhow - tough. You can purchase an upgrade that may help - but if it doesn't... tough again. Want to try to uninstall - forget it.
No refunds, no free phone support. Behold, 21st century marketing. Faceless pigs at the trough making millions. How much you want to bet that they all try to develop viri that attack the competitions AV software???
Jim Smithman, Pittsburgh, PA (Sent Jan 29, 2010 1:43:48 PM)
I use Avg. It's free and checks everything. Also, make regular backups of your important data.
Dominic (Sent Jan 29, 2010 1:42:27 PM)
Has anybody gotten 'hijacked' with an OS other than Windows (Mac 0SX or Linux)?
Daniel, Salinas, CA (Sent Jan 29, 2010 1:41:43 PM)
So why do we pay all this money to Symantec and Norton every year if their products do not do what they are designed to do in the first place.
Just like any other industry....create a problem and then sell the solution.
BlueDevilBasher, Columbia, MO (Sent Jan 29, 2010 1:40:28 PM)
It really pisses me off that these motherf**kers come up with $h*t like this instead of working. I was delayed from getting back and seeing my mother before she passed away thanks to the "I love You" virus. Let me catch a sorry little $h*t coming up with crap like this and he'll need protection, from me!!
Buck Nekkid, Baumholder,Germany (Sent Jan 29, 2010 1:39:49 PM)
an average bank robber gets about 20-30,000 dollars on a heist and usually gets shot in a car chase, yet these guys can get 150MILLION!!! and no one can find them, they cant freeze bank accounts, we cant track them or nothing, common world.
zach (Sent Jan 29, 2010 1:39:31 PM)
Another trick I had to use to remove one of these viruses was to download a different browser, like FireFox, and use that browser to search for free repair software. These things sometimes only attack IE, so if have a separate web browser installed you can get around the attack and clean your PC. Of course if it locks up your whole PC, you're outta luck.
Bishop, Louisville, KY (Sent Jan 29, 2010 1:38:08 PM)
I use Linux, so this is a non-issue for me. I suggest others do the same.
Ron (Sent Jan 29, 2010 1:35:04 PM)
Switch to Linux, Microsoft is riddled with these problems. Garbage !!!
GNU ,Tampa ,FL (Sent Jan 29, 2010 1:34:50 PM)
I have owned and used two Macs over the past 8 years, and use the Internet extensively. Neither one has any antivirus software. Neither one has ever had a problem with viruses, spamware, or malware of any kind. In addition, I have had very few freezes or crashes (none with the Intel-based iMac I bought a year and a half ago.) That is the simple truth.
Mitch Morgan, Cherry Hill, NJ (Sent Jan 29, 2010 1:34:14 PM)
hm, I wonder if j9 is one of 'them' ?!*&!?
just wondering USA (Sent Jan 29, 2010 1:34:07 PM)
what's interesting to me is that once someone pays the scammer, they're created a money trail which I would presume can be followed back to the virus writer. I wish this was discussed in the article.
E. Sandfort, Hamilton NJ (Sent Jan 29, 2010 1:33:22 PM)
When you factor in the loss in indirect revenue, (lost time, inoperable PC, etc.), in addition to the money extorted by these scum bags, it must run into billions of dollars. Easily. So if Obama wants to get this economy moving again, get these bums off the street and behind bars, permanently. Better still, in the ground. (Sorry, too strong?)
DB, New Hampshire (Sent Jan 29, 2010 1:33:06 PM)
Best program to stop this crap from happening ''Sandboxie'' No more spyware or virus.
Chad Seattle WA (Sent Jan 29, 2010 1:32:53 PM)
I use Kaspersky internet security and have never had a problem with anything. It picks up on things long before they have a chance.
Mark, Beaverton, OR (Sent Jan 29, 2010 1:30:47 PM)
My father recieved one from a stock message board. I rebooted into Safe Mode and restored the system back a week earlier. The virus will not allow Task Manager to run or system restore, only works in safe mode. In the past, I've had virues destroy the system restore backups, luckily this one didn't.
johnny (Sent Jan 29, 2010 1:30:12 PM)
Whats Porn..
NROP (Sent Jan 29, 2010 1:28:42 PM)
Macman, that works until such time that the number of macs out there make it interesting for hackers to pursue those too. Macs are far from immune to hacking, it's just that the numbers right now don't make sense. If you do some searching, you'll find that in a head to head contest not that long ago, it took hackers less time to break a mac's security than a windows based machine with linux still coming out top of the heap.
nobogmac (Sent Jan 29, 2010 1:27:11 PM)
And Macs never have problems because they never blue screen. Oh wait, everything is frozen or there's that spinning pinwheel of death. I've been there and done that too!
Not A MacHead, San Diego, CA (Sent Jan 29, 2010 1:27:08 PM)
I've ran into this several times. Supposedly my "My Computer" window pops up and starts going thru a virus scan showing hundreds of viruses on my puter. All I can do is sit back and laugh. I traced down the web site where it originates and wanted to leave them an e-mail but there was no way of doing this. I just wanted to laugh in their faces cause I don't run Windoze, I run Linux Mint and Ubuntu. Just wanted to let them know what butts they made of themselves.
Waya (Sent Jan 29, 2010 1:25:16 PM)
I've ran into this several times. Supposedly my "My Computer" window pops up and starts going thru a virus scan showing hundreds of viruses on my puter. All I can do is sit back and laugh. I traced down the web site where it originates and wanted to leave them an e-mail but there was no way of doing this. I just wanted to laugh in their faces cause I don't run Windoze, I run Linux Mint and Ubuntu. Just wanted to let them know what butts they made of themselves.
Waya (Sent Jan 29, 2010 1:25:10 PM)
I've been removing this sort of malware from computers for a long time. I wish that the law enforcement actually gave a fart about actually catching them. Personaly I would like to see them hung in public with ignomious burial afterwords. They cost the public FAR more than the 150 million that the author claims. Think about all the money that the victims have to shell out to correct their inital mistake at paying the money out. The unoffical estimate in 2006 was 2.5 billion dollars in this country alone. What do you think it is this day?
Ted, Orlando, FL (Sent Jan 29, 2010 1:24:48 PM)
You don't have to buy a MAC, just switch to Linux. Much faster and NO viruses!
John Doe, Seattle, Wash. (Sent Jan 29, 2010 1:24:06 PM)
First porn is not the problem.
Second Mac is not the answer either as more hackers are attacking Macs, the only reason there are not more Mac viruses is because if you are going to attacking something then you go for the bigger fish.
Next and most important, do not click on the X in the upper right corner. There are ways to open dialog boxes on screens without the X and then you build your own X. The only way to get out of these boxes is to hit Alt-F4 which closes the active window, if that does not work kill the process. Programmers can write code and attach it to the close event of a window as well but when you kill the window the on close event does not fire. If you click a button the on close event will fire.
A Programmer (Sent Jan 29, 2010 1:23:15 PM)
I'm an IT guy and saw 3 of these in the past week. The only way I got rid of them totally was to rebuild the users PC. I've been doing this for 17 years and these latest ones are nasty!
Jim M, Elk Grove Village, IL (Sent Jan 29, 2010 1:22:55 PM)
When they first pop up press Alt-F4 This closes the active page on the desktop.
Mister WolfDog, Santa Ana, California (Sent Jan 29, 2010 1:22:29 PM)
and, by the way, I watched a mac user get hit yesterday with one of these- total antivirus. we took his computer directly into the shop, but it somehow fried the OS. Using a mac no longer protects you from viruses, and they seem to hit the mac MUCH harder.
sikchimp, seattle wa (Sent Jan 29, 2010 1:21:39 PM)
So far I have picked this up 3 times in the past month! Fortunately each time I have hit the re x and closed out IE, then run my Microsoft ONE CARE virus program. One time it had to clean up the system, but the other two times nothing was downloaded to my computer. All of the times I have been attacked by this program I was running Internet Explorer 8, and I was on news programs like MSNBC, or Yahoo News.I have a firewall and virus protection, so I know what my programs look like, and I was almost fooled into using these trojans.But if you shut your IE down, and then manually start your virus programs you won't become infected.Don't trust any pop ups! even if they look like they are for real.
Connie Sacto California (Sent Jan 29, 2010 1:16:34 PM)
I'd not even bother with the Red X. Too many times these companies mask the X so what you think is the red X is just another active link inside the actual program. I personally ALT+F4 the program to close it out. Works 99% of the time. the few times it doesn't I CTRL+ALT+DEL to get the task manager, then I close FireFox or IE from there.
If prompted to restore your previous session, select a new session and you are good to go.
Smitty, FL (Sent Jan 29, 2010 1:16:30 PM)
Anti-virus software often doesn't catch it because these can be little programs just like any other program. And, if you install a program, you've just given it permission to do whatever it does.
Soem Antivirus software tries to detect suspicious activity by installed apps. But, I've seen more false positives (legitimate program blocked or quarantined) than actual malicious programs stopped.
Michael L. Buie (Sent Jan 29, 2010 1:16:28 PM)
About time someone wrote about this. I've wanted to start class actions against them, but I don't have the ability to track them. The FBI should have a team attacking these people.
http://redtape.msnbc.com/2010/01/tu...theyve-got-to-trick-the-infected-pc-into.html
Courtesy PandaLabs
Turning hijacked computers into cash is still hard work for most computer criminals. They've got to trick the infected PC into sending spam, then trick a recipient into buying a useless product -- or they have to steal online banking passwords, log onto a victims account, bypass the banks money transfer fraud controls, and so on.
It's much easier to just demand cash directly from infected users -- a crime that's the Internet's equivalent of kidnapping.
"Give me all your money or your computer gets it-" is the basic proposition.
The technique was dubbed "ransomware" many years ago by computer virus researchers, and is not new. What is new is the explosion of ransomware, thanks to the evolution of ever-more-believable tactics during recent months.
In December, the FBI issued a warning about a broader category of malicious programs called "rogueware. These programs appear on users' machines and claim to find viruses, then offer to clean them for $50. Rogueware looks so realistic -- complete with Windows-like dialog boxes and scary warnings -- that Web users were tricked into sending $150 million to criminals last year, the FBI says.
The new ransomware is similar, but far more aggressive. Once a computer is infected with it, the program does more than recommend a software purchase it simply won't let users continue to use their PC until they pay up.
Luis Corrons Granel, a researcher at Panda Security, said use of ransomware by criminals is exploding -- 25 percent of all rogueware in the past quarter involved a family of intimidating products named "TotalAntivirus. It demands that users pay $50 for two years, $79 for a lifetime license.
The increase (in ransomware) has been really significant, Granel said. A single family of ransomware programs called Total Security made up one-quarter of all rogueware programs detected during the past three months, he said.
To an average user, most rogueware would be indistinguishable from other standard antivirus products. They look like fully functional software, showing Windows-like screens for firewall settings, file scanning, and every other tab you'd expect from standard antivirus products. Total Security even lets users choose their language -- English, Spanish, and German are offered.
The switch to ransomware by the bad guys makes sense, says Peter Cassidy, spokesman for the Anti-Phishing Working Group -- because computer criminals are refining their programming methods, and getting more aggressive about taking people's money.
See ransomware in action with this video from PandaLabs.
"Instead of trying to fool people and getting one out of 1,000 to pay, what they're doing now is just locking up the PC and telling them they have to pay," he said. "It's a really violent approach, really nasty."
There might be one silver lining to the rise of ransomware, Cassidy said.
"It's not in that gray area of selling people useless crap," he said. Its clearly criminal, and extortion does get the attention of law enforcement officials.
As is customary, computer criminals are fusing this new attack with successful, older methods, said John Harrison, a security researcher at Symantec Corp. In one recent example, criminals first engaged in search engine "poisoning," so their booby-trapped Web sites would rate high in Google searches about Haitis earthquake. Visitors who clicked were tricked into downloading the ransomware software; and then were confronted with extortion demands.
"That's their distribution model," Harrison said -. "They used to do it subtly, but now they are doing it much more brazenly."
Screen capture provided by PandaLabs.
In some versions, users will see a message that says, "Google recommends you install this," or "Microsoft recommends you turn this feature on- then, they take over your computer and all of a sudden it looks like you have 900 viruses," he said.
The latest flavor of ransomware, described on Jan. 8 by security firm F-Secure, doesn't disable all software, but it does something just as debilitating -- it encrypts all the files on a victim's computer, and forces them to pay for decryption. The program, which calls itself Data Doctor 2010, costs $89.
RED TAPE WRESTLING TIPS
In some cases, researchers say, paying the ransom does work, at least initially. Still, it's a terrible idea to pay. On a grand scale, you've just subsidized a criminal. But there are far more practical concerns -- why would you trust the author of ransomware with your credit card number? Perhaps you think you'd never do this, but remember, the FBI says rogueware writers have made $150 million, so someone is paying up.
If an unexpected antivirus dialog box lands on your computer screen, close the window immediately by clicking on the 'x' in the upper-right hand corner. Don't use the "OK/Cancel" buttons in the window -- criminals often reprogram these.
You may or may not be infected anyway -- it's possible you are already the victim of a "drive-by download" that doesn't require user interaction. So run an antivirus scan, if you can.
If the rogue software has actually taken over your computer, physically disconnect it from the Internet to avoid having your personal information sent back to the criminal. Then go to a different computer to search for solutions. Type in the name of the rogue software and search for information on well-known antivirus Web sites. Many antivirus firms offer free cleaners you can download or place onto a USB memory stick, and run on your infected computer.
But maintain healthy suspicion at all times. Ransomware authors have gone so far as to create fake software reviews about their products and place them around the Internet, even stealing logos from reputable technology publications, says Harrison.
"The idea is you search for information about the program and this turns up, and you figure it's ok so you install it," he said. "Some of this is soft sell, some is very hard sell."
As always, its never a good idea to follow links in e-mails when heading to Web sites it takes an extra moment, but always click into your browsers address bar and manually type the address.
Become a Red Tape Chronicles Facebook fan or follow me at http://twitter.com/RedTapeChron
Mac users need to remember that they are NOT invulnerable... it's simply that Macs weren't targeted for so long because they comprised such a small percentage of the target base. It simply wasn't "cost-effective." Linux by nature is open source, and since it's relatively similar to Windows it's not difficult to target with no or few tweaks.
"Drive-by downloads" can occur at any time - any time you visit a webpage, all the images, embedded, videos, etc. need to download - it's not hard to embed a hidden file that will also download at the same time and then !BAM! you've got the virus/trojan/worm/etc. You may never see a pop-up; you may never have to click on anything.
Safest of all is to simply never hook your computer up to the internet, but obviously that's not practical. Use a good trusted anti-virus program such as Norton or McAfee, update it at least once ever month (once per week is better; once per day best of all), get and USE a good strong firewall (Windows Firewall is good but you should get a stronger, secondary one - remember, you get what you pay for), and use a proxy server if you can to help "hide" your computer. Also make sure, whatever web browser you use, to go into Internet Options (or the equivalent) and set all the security settings so that nothing downloads without your permission (most of this will be on the "Advanced" tab). If you don't want to set it to "never," such as for Java applets you might actually want (games, for ex.), then set it to ask you each time.
Don't forget to check the BBB before buying ANY software - make sure the company's legit!
M. Kenal (Sent Jan 29, 2010 3:23:47 PM)
These can be quite painful on an infected user often disabling internet access, antivirus software, system restore and the task manager.. but it has to load up just like other software to function correctly.. so restart your computer and before anything has a chance to load up press ctrl+alt+delete click on task manager and then click the processes tab.. there you will see the various processes being run on your computer.. at the top of the list will be where the most recent programs are loading.. watch for programs(.exe) that dont appear to belong(it would help if you got an idea of what programs normally run when your computer is not infected)when you see one of these programs pop up right click it and end its process.. you will have to end several processes as this software really wants to run.. after you have ended these processes you'll find that you have enough functionality to be able to either use your virus scanner or find what you need online.. I hope this information helps those that cant afford to bring it to someone and dont have the luxury of a spare computer..
Michael Butte, MT. (Sent Jan 29, 2010 3:21:35 PM)
I am a computer tech and lately have been dealing with these issues. Best way is to shutdown the computer and restart in safe mode with networking. Download Malwarebytes and run it. Do a full scan and after it finds the infected objects, it will prompt you to remove them and it restarts to finish cleaning process. Boot normally and run the scan again in quick mode. Mostly the second scan cleans up the system. Combofix is also a good alternative. Hopefully it will help some of you out there. Its a simple process and can be done by an average user. Good luck.
Jason, Ca (Sent Jan 29, 2010 3:21:08 PM)
I am really sick of mac users popping off about not having security problems. The fact is Apple does not take security seriously and mac software is significantly more vulnerable then Windows. At any given time there are several times the number of known security holes in the mac os than in Windows. (example article from a quick Google search: http://blogs.zdnet.com/security/?p=758 ) Microsoft patches its applications much faster than Apple. Apple has shown a negligent disregard for security in all its products - iPhone, iPod, etc... (have not looked at iPad - probably won't, my 1 year old HTC phone has more computing power than the iPad) Apple needs to end it's arrogance and start producing quality gear! This head in the sand attitude by mac users is going to get them in trouble. The security of Apple products is so bad we don't even allow them on our corporate network any more. This includes iPhones and iPods. Note: I have 15 years experience in software development, worked with both windows and mac.
efore elmo (Sent Jan 29, 2010 3:17:41 PM)
I got an infection like that in my work computer. I was just doing some innocent research on Google, when this insidious message re: "Security Tool" popped up and kept popping up. It just would not go away until a microsystems technician installed a program to find and delete "malware". I lost the wallpaper and Sophos anti-virus software, but everything else is OK.
Jeff Knight, Miami, FL (Sent Jan 29, 2010 3:16:59 PM)
This just happend to me in December. I got the exact same pop up box that appears in the beginning of this article. I purchased Norton Anti Virus Spyware and it removed this immediately. However, I will tell you I almost gave them my credit card information. I'm glad that my gut feeling told me not to. If not I would have been a victim of this scam myself.
Lourdes, Easton, PA (Sent Jan 29, 2010 3:16:41 PM)
I use Spybot, another free malware removal tool, and it kills the malware even before it starts changing anything in your registry or any files on your computer.
Dalitso, Fort Worth, Tx (Sent Jan 29, 2010 3:08:52 PM)
I don't get you guys. I have never had a problem like this on my computers. I don't even use anti virus anymore, I just run some anti spyware scans every few weeks. I don't know what the heck you are all doing online but maybe a little common sense about the way you use your computer will help. onling gaming, porn, casino sites, downloading movies and music, screwing with social networking add-on apps; with all of these things you are just begging to get slammed with spyware/malware/viruses so make sure you have proper security protection. its like going to a whorehouse and not bringing and using condoms. its not the technology - its your behavior that needs to change. take some responsibility for your online actions.
feeyishes, san diego (Sent Jan 29, 2010 3:06:30 PM)
I think the real computer security companies have been secretly creating/funding/supporting viruses for a while. Without real threats you can't sell the solution.
jake, minneapolis, mn (Sent Jan 29, 2010 3:04:33 PM)
Smart little buggers.
My parents had this on their home computer about 2 weeks ago. It blocked internet explorer and gave a message as described. The messages said things like identity theft attempt, email compromised, etc etc. First I did a scan through windows, which did find a critical virus and removed it. Good for 2 days and then it was back. Downloaded AVG free(it's really totally free, not a trial) and ran that. Havn't had a problem since but I'm not sure I actually got rid of it or if it's just dormant(like it was for 2 days). Computers not even a year old.
jake, minneapolis, mn (Sent Jan 29, 2010 2:59:43 PM)
It needs to be remembered that it isn't the website itself that is suspect. It is the advertisments within that page that starts the whole nasty infection process. I had the New York Times site try to pop me before I moved to Windows 7.
DS (Sent Jan 29, 2010 2:59:01 PM)
www.malwarebytes.org Readers Lets Get some kind of pitition for US Congressional Recognition for this Corp that FREELY HELPED US CASH STAPPERS. Coodos to malwarebytes I ReallY thank these Guys/Gals being of a budget as I and I know others are, they make gold free to use ,I wish we can include them on our taxes so they can receive some type of credit from the government for helpping so mant in this economy ( low cash) so that career seekers can continue to job search without thier computers being held ransom
SAM PHIARRAPI@YAHOO.COM
sam (Sent Jan 29, 2010 2:57:06 PM)
"After talking to Microsoft technical support about not being able to connect to the internet, I later installed OneCare by Microsoft. Best anti-virus yet- and the best technical support!"
Maybe, but Microsft announced OneCare is being discontinued. It's already no longer available for sale, and once your subscription runs out you will no longer be supported...
Bottom line, I'm glad it worked, but it's not a realistic solution anymore.
Steve Sprinkle, Hampton VA (Sent Jan 29, 2010 2:54:46 PM)
I've had success removing this type of deeply embedded, malicious software from machines by removing the hard drive from the infected machine, setting it as a slave drive, installing it into a clean machine, booting the clean machine normally, and running virus scan (AVG Free) on the infected drive. It's a little time consuming, but a lot easier than trying to manually clean the machine. Just make sure you boot from the clean drive, or else the infected drive will probably infect the clean drive.
Adrian, Miami, FL (Sent Jan 29, 2010 2:48:12 PM)
j9...You have some serious issues.You obviously think porn is the death of civilization as we know it.Anyone that uses the internet is,in one way or another,just an innocent click away from an infection.Be it a rogue,or a virus.Do some homework.Look at some security forums.READ SOMETHING.And get a grip.Porn,in itself,is NOT the problem.Just a tiny fragment of this puzzle.
John Saginaw Mi. (Sent Jan 29, 2010 2:40:52 PM)
Dallas... you hit it right on when you said...
"I strongly believe that the Anti-virus software companies are the ones that launch these viruses to continue to sell and profit from customers".
TOTALLY AGREE!!
They think we don't know their true profit is based on the "fixes", not virus prevention/ protection. And even assuming they are not the ones bombarding people's pc's with viruses or paying under the table to rogue individuals to do so, then I bet they are pretty happy such criminals do exist. Because that's the way they make the big bucs! They don't want the problem to go away. If it does go away, then their lucrative dirty lil' business goes away too! So they perpetuate it by joining forces with the criminals and thus becoming the problem themselves.
The Anti-Virus Software industry is nothing but an established mafia and the entire world is their playground. It's a shame the government has allowed them to stay in business for so long. You don't need to be a genious to know they are the ones with the dirty tricks. They are either planting the viruses themselves or hiring criminals to do it for them in order to force users to buy more and more anti-virus software or pay for upgrades every year. It's a round business! Everybody wins, except us..
I wouldn't be surprized to learn that other industries are in conspiration with the anti-virus software developers.. like the PC makers. It makes sense.. the more PC's break down the more new PC's will be sold.
Pokerface (Sent Jan 29, 2010 2:40:16 PM)
"I have a Mac, and I'm Sooooo smart!"
--Smart you may be, but you are also an arrogant pr1ck.
Haywood Jablome (Sent Jan 29, 2010 2:39:36 PM)
I have to agree that it is not just porn sites. I was searching for an IEEE article and it popped up in multiple locations. I clicked on one link, and well, it wasn't the IEEE article.
And no, IEEE ain't porn, unless you are an Electrical Engineer.
They create fake sites that mirror or mimic legitimate sites, and then they load these Trojans.
Had it happen last year on a different computer) and I had to reformat the hard drive (again, windows ran better as a result!).
I have six computers, and try to double, triple, or quadruple backup my data. Also, I am putting more and more in the "cloud" as well. So even if one machine is hacked, at least I don't lose any data.
Save those older computers, put them on your network, and backup your data to them occasionally.
Joe Patent (Sent Jan 29, 2010 2:37:38 PM)
Use Linux and you wont have any of these problems!
-Or use Windows as your main OS then dual boot with Linux (surf the internet with Linux only).
-Or use Windows as your main OS and use VMWare to virtually boot Linux and surf the internet only in Linux.
Brad K (Sent Jan 29, 2010 2:35:58 PM)
Malwarebytes worked for me. I tried to run a scan using Mcafee, but the virus would shut it down. I had to use another computer to find this solution. I had to shut down the process using the task manager, download malwarebytes, scan and remove, then I could run a scan with my AV, which still found 39 viruses. Then I still had the pop-ups until I removed all the program files. My puter was down for two days.
kevin, nova (Sent Jan 29, 2010 2:35:42 PM)
My Mom got hit by a paricularly bad one twice (it took me 4 hours to clean her computer the first time. Wouldn't let most programs run except for Internet Explorer and that kept taking her to the fake anti-virus web site. She basically had a tan screen with no toolbars. Before she called me she was going to pay - the only thing that stopped her was that she still uses dial-up and the malware stopped her ISP software from running...in some sort of pyrrhic victory, their own malware stopped them from preying on my Mom...
Steve Sprinkle, Hampton VA (Sent Jan 29, 2010 2:34:34 PM)
Had this happen the other day. It really made a mess of things and I had to re-install windows. I did not lose any data, but I wasted about a half a day re-installing all my software (bonus, the computer runs faster now).
Spybot and Malwarebytes helped clean out the remnants. I am not sure how I even got this Trojan - from a website or what?
I try to tell friends about this, but particularly older people tend to trust anything with a trademarked logo on it. So if it says "Windows has found a virus, click here!" they click, never mind that Windows, by itself, doesn't "find viruses".
The Internet is too important as a means of commerce (not all of us are just on Facebook!) to let this happen.
Of course, some anti-virus companies are just happy with things they way they are. Fear sells, and some of my older friends have paid good money to the "legitimate" anti-virus companies, and have so much software running in the background now that their computers barely run.
Joe Patent (Sent Jan 29, 2010 2:31:54 PM)
try avast home edition. and yes, one is made for linux users as well. when following a link. dont be a lazy american. (or lazy in general) dont even follow the link. type it in your browser. not sure o fthe link or site? then dont go. and you wont have a problem. viruses etc dont just randomly appear as if some sort of e-fairy put them there. its your fault. you go. you get. you get screwed. be cautious and weary. just assume that every website out there is out to get your money. ( oh wait, they ARE).
ccleaner is aloso cool as well, while it isnt really for anti virus, its great for keeping your system fast and fresh. both are foun d at avast.com and ccleaner.com i use them both, and i have had no troubles at all. and for the record...linux pwns
send me an email if you need anytihng further. i will be happy to help
happy linux guy the Z (Sent Jan 29, 2010 2:30:58 PM)
Something that I don't agree with in this article is just "removing" the virus with tools. Personally, I never trust a computer once it's been comprimised by something major like this. I would reformat the hard drive, use a Virus checker liveCD to check all of my files on another drive, and then reinstall Windows. Once you're been comprimised like this, it's very hard to tell if you're completely safe, they may have left a back door in somewhere, to make it easier to infect you again, or they might have deleted a critical system file, or some other incident that can cripple or make the computer unsafe to use again
Elliot Womack, Aragon, Georgia (Sent Jan 29, 2010 2:30:48 PM)
If these things come from ads, would it help to install an add-in like AdBlockerPlus to your Web browser? I have it on Firefox purely because I have no interest in seeing ads when I'm online. Does it help with security too?
what.choo.got, Somewhere, Midwest (Sent Jan 29, 2010 2:29:36 PM)
I have a Mac, and I'm Sooooo smart!
Please, read what everyone else is saying.
Johnn Doe, Seattle Wash. (Sent Jan 29, 2010 2:26:15 PM)
Clicking 'Cancel' or even the 'X' button can execute any code the programmer wishes. If it isn't too late, kill the browser from Task Manager. With IE, there's a good chance that it is already too late.
As for Mac and Linux users, you are only immune from Windows-based malware. You are still very vulnerable to Mac or Linux malware. Where on Earth did the idea that Macs or Linux PCs are invulnerable come from? From what I hear, and I don't have the details, even Apple introduced an anti-malware component into Snow Leopard. If Macs were invulnerable to malware, you wouldn't need anti-malware. Would you?
AlBme, NYC, New York (Sent Jan 29, 2010 2:26:06 PM)
Masman: MAC's get infected too. We are seeing it more and more. The reason is, as MACs get more popular, there are more machines to infect. In the past hackers have not focused on MACs because the market was small. Why infect 100 people (Just an example with easy numbers) on MACs when you can ifect 1000 on PCs. Sadly, it makes some sense. Either way, this software is annoying to say the very least.
Rob, Las Vegas, NV (Sent Jan 29, 2010 2:26:00 PM)
Even clicking the 'x' can be dangerous, that button can be re-prgrammed as well. Try Holding down 'alt' and pressing 'F4', this will kill the connection to the "top" window without acknowledging it. Save your work, then disconnect from the internet.
Rob, Las Vegas, NV (Sent Jan 29, 2010 2:22:58 PM)
These people should be EASY to stop. The credit card company has RECORDS OF WHERE THE MONEY WENT!!!!!! Just find out who received the cash and sue them into oblivion!
Renee Marie Jones, Phoenix, AZ (Sent Jan 29, 2010 2:18:42 PM)
Best way to avoid this stuff is when it does pop up on the screen, use your Task Manager to close the "aaplication". Hit CTRL+ALT+DEL keys at once (Control and Alternate and Delete keys) or right click on Start/Program bar and choose Task Manager, click the Applications tab and if you see something out of the oridinary right click and choose End Task. May have to do it once or twice. Also you can check in the Processes tab as well. Never ever click the Close button or the white "X" in the red box in upper right hand corner. Most of these are just large graphics with hyperlinks attached or will start to install a file no matter where you click.
WSSW from SWFL (Sent Jan 29, 2010 2:18:13 PM)
y wife got her Winblows laptop infected with one of
these hijacking viruses recently in spite of having a
current copy of McAfee running. After about a day of disinfecting it I got it back to normal, then
decided to run a Windows Update. Now it only boots
into the Blue Screen of Death.
It now runs PuppyLinux.
Good riddance!
Uwe, Nashua, NH (Sent Jan 29, 2010 2:14:58 PM)
Why don't all you brilliant programmers develop a counterattack program to infect the attacker's puter and make some real money ???
Denny Seattle,Wa. (Sent Jan 29, 2010 2:14:23 PM)
I'd strongly recommend Web of Trust for a lot of peeps out there. www.mywot.com
It's a *Firefox* add-on which works with a user base of people like us. Sites are rated based on their reputation and content. The ratings are displayed next to links, which is nice.
It's not a full proof way of keeping junk out, but I've personally found it *very* useful for keeping away from shady sites when doing my browsing. It's yet to point me in a bad direction.
There's also the *Firefox* add-on, NoScript, which only allows Java and Flash on sites you trust. Very useful.
Michael, Grand Rapids, Michigan (Sent Jan 29, 2010 2:13:45 PM)
I've had friends and co-workers infected with something very similar. Basically we wiped the machines, re-installed everything and they started all over .. .
They now pay attention to where they go and what they do. Once bit . .twice shy . .
Ann, NH (Sent Jan 29, 2010 2:12:10 PM)
No, DB in New Hampshire.....not too strong!
DW, Texas (Sent Jan 29, 2010 2:12:00 PM)
I cleaned this nonsense....titled Personal Security 'authorand Internet Security 2010 but clearly from the same "author"....from my neighbor's computer three times last week, and since I have dug around in his computer from start to finish and he has NEVER been on a porn site on it. Once you have done it a couple of times, it's surprisingly easy to get rid of.
Boot up in safe mode, download and run Malwarebytes (available free from ZDnet as well as other places). Then download Spybot Search and Destroy and AVG, both also free from the same sources, and run those.
Next you want to do a system restore to a time well before the infestation. You may have to do this a couple of times, but it will ultimately do the trick, and the good news is that it takes less time each time.
Another good thing to tell the folks whose computers you are powerwashing (LOL)is that if they see anything downloading that they didn't click to download, YANK THE PHONE CORD!!!!!!
We finally tracked my neighbor's problem to a game site called flyordie.com that a friend was accessing on his computer to play chess.
The first cleanup took almost nine hours. The second one took about four. The third took only about 45 minutes, because the guy was standing there when it started and yanked the phone line.
Tired tech, West Baden Springs, IN (Sent Jan 29, 2010 2:11:28 PM)
Use AVG, either the free version or the paid version. I've used it for YEARS, my husband, with a Computer Science degree uses it. We've never had a virus that it didn't catch. Also, we use Sygate firewall, not sure if they're still around, but, again, we have no problems. I tried Symantec, McAfee and Norton before switching to AVG. All of those used so much more hard drive space, cpu power, and were really invasive. They slowed down so many programs and when I got tired of it I had a hard time fully uninstalling them.
Or, if you want to be really safe and stick it to the man ^^ switch to a Linux OS. There are some drawbacks, such as we can't play one of our favorite online games with a Linux OS, but that's why we have more than one computer around. Ubuntu is great, and for those with more experience or who want to learn and mess around more, try Debian.
My work computer recently got one of these viruses that look like part of Microsoft Security Center. I got so fed up with it that I switched to Debian and absolutely LOVE it.
Lisa, Seattle WA (Sent Jan 29, 2010 2:10:22 PM)
I forgot to add that it's critical to patch applications, especially Adobe Reader, Adobe Flash, Quicktime and anything Oracle. Go to Help, Check for Updates. While these may automatically check for updates, they often are primary routes for infection and aren't updated by their vendors nearly as often as they should be.
Contrary to popular belief, Microsoft has an excellent reputation in the information security community for it's security maturity. They had to get better, because the business market beat them over the head for years about it, then the EU joined in. Their 'Patch Tuesday' is an industry-best in that it's now baked-in to regular operations maintenance. Their security research teams are world-class.
All software can be compromised because of code complexity, poor engineering and the need for backwards compatibility. Microsoft isn't perfect, but they've made a vast improvement because the market made them do so.
Apple, on the other hand, is known for lagging with their updates and sometimes releases barely functional ones, like their failed DNS patch last year. Oracle is notorious for buggy software.
Linux is good, especially Ubuntu. But, there are a lot of Linux issues too, which is a trade-off with open-source. Last year, hackers managed to poison the OS kernel repository but fortunately it was caught.
It's a never-ending fight, and yes, you do have to 'pay attention to the man behind the curtain'...
Bill W, Gig Harbor, Washington (Sent Jan 29, 2010 2:10:18 PM)
I had this exact type of virus happen to me last month.Cost me 79.00 to get repaired. I asked the `tech guy what I can do to try and prevent it from happeng again. He gave me a few pointers.
If your not sure about your e mails, simply delete them before opening, stay away from sites such as porn, shady type sites, etc. These are usually an accident waiting to happen he says. After I got my system home and set up, everything was back to normal until the other nght. Another sign says I was infected. I remember what the `tech told me to do. I shut down the computer, re-stared it, ran a anti-malware scan which the `techs installed while in the shop. After the scan, there were 16 viruses. it asked to remove, which I did and everything has been normal since. They are out there. We have got to learn how to counter them at their own game. just like any other `Con
K. Jones, Saint George, Utah (Sent Jan 29, 2010 2:09:58 PM)
So what if someone IS looking at porn, its our in-alienable right wo wank. I hate Malware because it interrupts my ejaculation. It sucks to have a raging boner and suddenly have to disconnect from the net and re-boot...frantically trying to get back to some good porn so you can finish
LOLDon - Brazoria, TX (Sent Jan 29, 2010 2:09:16 PM)
My laptop was affected with a similar virus last week. I spent many hours to fix it and didn't want to give away control of my pc. After installing many anti-virus programs, malware removal I was able to restore it.
The virus was so wacky that it took control of TaskManager, RegEdit, Wireless connection. It looks exactly like an anti virus program with a title 'Anti-Virus 2010 removal'. Would recommend that one should have Avast Anti-Virus, Malaware Malabyte, HitManPro and bunch of other utils.
SJ, Fremont, CA (Sent Jan 29, 2010 2:07:04 PM)
Half of your virus protection lands at your fingertips. If you get an email or see something that looks like it is off, most likely it is. I have personally caught a dozen attempts this way before the antivirus had the chance to say so...and Norton got the rest. Good virus protection is cheap insurance. Sure, the computer is a few hundred or a few thousand perhaps...but what is your time, aggrivation, and lost data worth to you.
Trust your instincts. If it looks wrong or out of place or plain doesn't make sense, be wary of it.
David, Cheyenne, Wyoming (Sent Jan 29, 2010 2:06:54 PM)
Was hit with this very same attack a few months ago. I fixed the problem by turning off the computer and starting up in safe mode. This allow me access to the software on the computer that the malicious program would not allow otherwise. I found the malicious program embedded in my startup program list on my antivirus program. This meant that no matter what i did so long as that start up program was allowed to proceed the malicious software would take over. By starting in safe mode i was allowed to start without the startup in the antivirus program. The fix was to simply delete the program from the start up menu. Then remove the program from the computer all together. Then run antivirus program. Then run system restore to an earlier date of safety.
TA, Atlanta,Ga (Sent Jan 29, 2010 2:05:33 PM)
These can come from anywhere. I almost got hit with one from a video someone sent me on Facebook a few months back, but Firefox blocked the drive-by download.
Timothy, Florida (Sent Jan 29, 2010 2:05:15 PM)
"Macs are far from immune to hacking, it's just that the numbers right now don't make sense." Please stop spreading this fallacy. Macs are more secure because of the UNIX based operating system. It has nothing to do with the marketshare. And that "hack" contest you referred to? That was a web browser plugin, and it was patched immediately. There have been no actual OS X worms to date, and no malware like the cruft that affects Windows on a daily basis.
That being said, Microsoft Security Essentials is a decent (and FREE) product. Microsoft bought out an antivirus company a few years ago and rolled out this product. It's beaten Avast and AVG in many cases. Another tip is to use Firefox and stop using Outlook and Internet Explorer. Keep stuff up to date, too!
(source: 20+ years herding computers around)
Bob, Dallas, TX (Sent Jan 29, 2010 2:04:21 PM)
I just yesterday, had to reformat and fresh install the OS. This was on a business computer, and the user was at the Turbo Tax web site, and all hell broke loose. I ran a virus scan in safe mode and it found no viruses or other malware, but when I rebooted, there it all was again. I have "cleaned" perhaps 20 systems in the past year and the only way I was able to get rid of this was a reformat and fresh install of the OS. This could be stopped by the "Powers That Be", but it is not a high enough priority. Just some thoughts.
John Doe, Seattle, WA (Sent Jan 29, 2010 2:04:16 PM)
I tried everything to get rid of ransomware program. Finally I reset my computer back a couple days prior to getting the "virus" and it worked. Program disappeared and no problems since.
Riptide (Sent Jan 29, 2010 2:03:31 PM)
After talking to Microsoft technical support about not being able to connect to the internet, I later installed OneCare by Microsoft. Best anti-virus yet- and the best technical support!
HP, Ypsilanti, MI (Sent Jan 29, 2010 2:02:59 PM)
I recieved mine, when I googled for "election results 2009" on election Day-hardly porn. I finally did a complete OS re-install to get rid of it. There is all kinds of software out there that claim to get rid of it-don't waste your time. My friendly IT person said to avoid google as a search engine, instead use yahoo or Bing- these search engines will filter and give you a heads up prior to your searched site.
EJH (Sent Jan 29, 2010 2:01:35 PM)
Worth repeating, get a MAC, no more problems. I was fed up with these exact problems for the last 6 months, I transferred everything onto my new Mac and tossed the old computer out. With the money I have spent on virus software and repair people who really couldn't figure out the problem I could have bought a new Mac in the first place. When I asked about virus software for my new purchase, I was told I don't need any. The four salespeople in the electronics store I purchased my new computer ALL own MACS.
tina, santa ana, CA (Sent Jan 29, 2010 2:01:11 PM)
We got one called Antivirus Pro. It looked unbelievably real and shut down our entire system. We ended up bringing it to a computer repair place to fix. They installed Malwarebytes and it took care of the problem. There's a free version of Malwarebytes available for download on the internet. Just fyi, the free version requires you to update it manually - only the paid version does it automatically. That's very easy though.
M, Hartford, CT (Sent Jan 29, 2010 2:00:19 PM)
If clicking 'X' does not work try pressing ALT+F4. This will close the active open window.
P, Milwaukee WI (Sent Jan 29, 2010 1:59:12 PM)
It doesn't matter where it came from. The best solution is to do frequent backups of your data to a backup HDD. Have a second HDD configured with your OS & APPS sitting in your desk as a spare to the one in your computer. Then when (not if) you get zapped, do the following:
Procedure 1
1) Swap HDDs on the computer
2) Reload your data from the backup HDD
3) Get all of the new security updates for the OS on the new HDD
4) Go back to work
....
Then, later, at your leisure:
Procedure 2
1) Swap the infected HDD back
2) WIPE IT FLAT & FORMAT IT - for XP, Vista, & W-7, do this by setting the boot device to CD & boot from the installation CD. Proceed from there.
3) Reload your OS & get all of the security updates
...
4) Swap it out and put it in storage (for the next time you are hacked)
5) Swap in your working HDD and go back to work
...
Note: This is also a good practice for an HDD head crash. ... Not mal-ware this time, simply a hardware failure. They ***do*** happen. I have had two HDD failures of this kind in the past 10 years.
In this case, perform Procedure 1, then smash the broken HDD with a hammer and toss it into the trash. Purchase a replacement HDD, format it and load it with your OS & APPS. It will be your new reserve (backup HDD).
(Secret tip: M-Soft has a limit on how often you can re-load MS-Office software on a computer. If you hit this limit, call the 800 number on the denial popup window, give your explanation - reloading after virus attack or HDD head crash - and M-Soft will give you a new license key. You will need your CD and box with the original license key when you call.)
And, of course, you have retained a copy of all of your OS & applications CDs together in a storage tote so that you can 1) easily rebuild your system & 2) prove that you are the rightful owner and user of the software on your computer, if asked. It's only common sense.
PS. The folks at BSA.org can fine you, or sue you in court, if you have pirated software, or legitimate and you can't verify the source of your software. Individuals are usually not targets, however, employers are. An angry employee, who was laid off a few years ago, got revenge on his employer by sending in a tip to BSA.org. The employer had sloppy records (and some pirated software). The end result was a 7 figure fine! I was there & saw it all go down.
DE, Minneapolis, MN (Sent Jan 29, 2010 1:57:49 PM)
I manage an IT department and we've been finding this on Windows and Mac machines. Even our sharpest engineers are getting ransomware infections. Our latest installations of Trend don't detect this stuff. Just about the only tool that's been able to reliably remove this stuff is Malwarebytes, but that's only AFTER the machines get infected. Oh, and if it's a Mac, forget about it. That segment of the market is wholly unprepared and unsupported in the case of virus attack. The ignorant users that Macs attract with wide-open wallets for the machines they're buying is a RIPE target for the jerks who write this malicious code. They're criminals, plain and simple. If they write malware in different spoken languages then they'll write malware in different computer languages to get the most $ possible from us. Good luck everyone - and remember to thank your IT department - they have to deal with this stuff every day!
James G, Reston, VA (Sent Jan 29, 2010 1:57:11 PM)
I had two computers infected and refused to pay the ransom, I turned each off for 5 days and it went away.
Here's my question, how hard can it be for the FBI to track these web hijackers and make arrests and convictions...is it just not a priority to them?
dan pedley, brentwood, tenn (Sent Jan 29, 2010 1:57:05 PM)
How funny. J9 baited all of you just like the malware folks in the article. Got the response they were looking for. Anyway, it is true you can pick one up anywhere. I got one last year surfing around for review on new truck tires.
PR, Tx (Sent Jan 29, 2010 1:56:51 PM)
Ohhhh myyy goodness !!! That's why my laptop has crashed. Poor laptop, it underwent all of the symptoms stated in the article as well as in the "Comments" section. However, the virus does not let me access the the internet at all, so how I can fix it ? Hellllppp !!!
Mimi, Los Angeles (Sent Jan 29, 2010 1:55:53 PM)
Recently got one of those and it blocked my use of symantic. I used Adaware, the free version, and it removed it. then I used spydoctor,another free program. this took out more garbage. After that I was able to use my anti virus software. What a pain.
ZAP (Sent Jan 29, 2010 1:54:06 PM)
I do PC repair and I have to say that I have not had to repair a Vista or "7" PC for the types of malware that my "frequent fliers" have suffered from. Removing system level privs for apps like IE has been fantastic... though not for my bottom line. If you are a geek like me, stay with XP. If you have young click-happy kids, or are getting a PC for grandma, go for Windows 6 or greater... or Ubuntu and really confuse the tar out of them.
Rob, Rochester, NY (Sent Jan 29, 2010 1:52:52 PM)
Also, my PC got infected while my wife was on Facebook. She tried to close the pop-up and it automatically downloaded when she clicked on the "Close" button.
Bishop, Louisville, KY (Sent Jan 29, 2010 1:52:36 PM)
I get a chuckle out of these "get a Mac" guys.
I do a lot of video editing, and with a pc I can choose from 1,000 programs--and have different ones for different uses. With a Mac, I'd have to use the one that came with the Mac.
Jeremy (Sent Jan 29, 2010 1:50:59 PM)
My 5 year old computer was hit with this about 2 months ago, and it screwed it up so badly that I had to get a new system. Even now with the new system, I guess that since the criminals still have the virtual path back to my IP address, my new system is being contacted daily in an attempt to get into it. I bought a much more comprehensive firewall and anti virus program, but it is uncomfortable to know that they are knocking on the back door every day. How do I stop this?
GM, Doylestown PA (Sent Jan 29, 2010 1:48:51 PM)
I just got attacked 2 days ago by one of these ransomeware type programs.. just before I was to start work. I had received a message from McAfee that a trojan was detected and taken care of and then about 15 minutes later I had issues. I happened to pop on Facebook doing my usual stuff, stepped away for a hot second and came back and this program was running. I wasn't paying for this hijacked crap because I already have one... duh! Well, I couldn't shut it off, everything locked up. I was livid, needless to say, as I still have a month left on my McAfee subscription before renewal. Shut everything down and took CPU to Office Depot. I was made aware of the malware. The tech guy was nice enough to download a free malware remover.. so no more issues for now. AND I didn't have the $169 to do a total clean and tweak performance of my system at the time (maybe later).... I wondered if it was a gimmick ploy too because my McAfee subscription only has a month left before renewal and now all of a sudden this happens and I wondered if it was a scare tactic and I mentioned it to the tech guy (he did have a look on his face like I discovered a big secret). I DON'T SURF PORN sites and I try to be careful where I surf - I have a husband at home, so why look elsewhere... LOL! The only thing I can think of that this could have possibly come from Facebook. Now when I have to step away from my computer I enable my Firewall so nothing gets in or out until I come back. It is a pain in the butt, but for now works for me. I like the one person that feels that their Anti-virus/spyware programs should be able to handle this nuiscance and they dropped the ball big time!
SheShe, Ypsilanti, MI (Sent Jan 29, 2010 1:48:50 PM)
if you catch the infection in the early stages you can remove it with a system restore or malwarebytes. the current version has the upper hand though so getting if off will require a full system restore.
amado, san antonio, tx (Sent Jan 29, 2010 1:47:21 PM)
Happened to me last month. luckily i managed to stop it early by turning off my pc and using another laptop and doing alot of reading...two software programs i ised to clean my pc from being hijacked was Malwarebyts Anti Malware and this is the better of the two is called HiJackThis by Trend Micro Inc. All were free to download. HijackThis is very easy and most importantly work very well. My advise is to do alot of reading into the type of virus you may have and stick to big name software companys offering free antivirus software that you are familiar with....good luck
LvnInOc, Fountain Valley, Ca. (Sent Jan 29, 2010 1:47:13 PM)
I work as a desktop technician for a sizable company where we've gotten some of these programs on our machines. The users are not administrators (they're Power Users), so you don't have to have the rights to make system registry changes. In adition, many "risky" sites, such as pornography and file download sites are blocked, yet they still get it.
Once these programs take hold, it is difficult to remove them. I've had good luck with Malwarebytes, and sometimes in conjunction with CCleaner. However, even these have failed to eliminate some truly dug-in ransomware. Some of these programs even delete restore points once they are established. I've been able to clear them out by finding every scrap within the registry (including the hash values that aren't there by name), but even this likely leaves some traces. I'm ecstatic that this article was written, as this has been getting worse over the last couple of years.
Brad, Des Moines, IA (Sent Jan 29, 2010 1:46:54 PM)
The problem is virtually uncontrollable... There are easy, but time-expensive ways to stop those guys in their tracks BUT, the steps would have to be taken by the web-development community, not by end-users and virtually no-one (except of banks and such) wants to pay premium for writing security-conscious websites.
Essentially all websites would have to be written to run with high security settings, and that means just HTML and JScript/DOM for dynamic content and NO add-on functionality in a browser. It is horribly time and skill intense to write good desktop-experience-level dynamic web applications without Java VM, Flash, ActiveX and Silverlight. Virtually no-one wants to pay for it. Very few guys I know can even do it.
Still, even all that would not prevent somebody just downloading and running an executable.
Pax (Sent Jan 29, 2010 1:46:34 PM)
I got hit and it wasn't $49 charged to me, I had a charge for $99 show up, now trying to get at least part of the $ back.
EAC, Washington DC (Sent Jan 29, 2010 1:46:17 PM)
Microsoft allows their products to be compromised. The "legit" security software makers are no better than the outright extortionists. They all profit from flawed products, tricks, misdirection and empty promises of safety for a protection fee. Holy Godfather Batman!
They all cultivate consumer fear and promote threats, real and imagined, to make money. At least when the 1920 thugs shook down the poor old pizza maker for protection money, they actually left the guy alone until next payment came due.
Now, you give some "respected" AV software company your money. If you get infected anyhow - tough. You can purchase an upgrade that may help - but if it doesn't... tough again. Want to try to uninstall - forget it.
No refunds, no free phone support. Behold, 21st century marketing. Faceless pigs at the trough making millions. How much you want to bet that they all try to develop viri that attack the competitions AV software???
Jim Smithman, Pittsburgh, PA (Sent Jan 29, 2010 1:43:48 PM)
I use Avg. It's free and checks everything. Also, make regular backups of your important data.
Dominic (Sent Jan 29, 2010 1:42:27 PM)
Has anybody gotten 'hijacked' with an OS other than Windows (Mac 0SX or Linux)?
Daniel, Salinas, CA (Sent Jan 29, 2010 1:41:43 PM)
So why do we pay all this money to Symantec and Norton every year if their products do not do what they are designed to do in the first place.
Just like any other industry....create a problem and then sell the solution.
BlueDevilBasher, Columbia, MO (Sent Jan 29, 2010 1:40:28 PM)
It really pisses me off that these motherf**kers come up with $h*t like this instead of working. I was delayed from getting back and seeing my mother before she passed away thanks to the "I love You" virus. Let me catch a sorry little $h*t coming up with crap like this and he'll need protection, from me!!
Buck Nekkid, Baumholder,Germany (Sent Jan 29, 2010 1:39:49 PM)
an average bank robber gets about 20-30,000 dollars on a heist and usually gets shot in a car chase, yet these guys can get 150MILLION!!! and no one can find them, they cant freeze bank accounts, we cant track them or nothing, common world.
zach (Sent Jan 29, 2010 1:39:31 PM)
Another trick I had to use to remove one of these viruses was to download a different browser, like FireFox, and use that browser to search for free repair software. These things sometimes only attack IE, so if have a separate web browser installed you can get around the attack and clean your PC. Of course if it locks up your whole PC, you're outta luck.
Bishop, Louisville, KY (Sent Jan 29, 2010 1:38:08 PM)
I use Linux, so this is a non-issue for me. I suggest others do the same.
Ron (Sent Jan 29, 2010 1:35:04 PM)
Switch to Linux, Microsoft is riddled with these problems. Garbage !!!
GNU ,Tampa ,FL (Sent Jan 29, 2010 1:34:50 PM)
I have owned and used two Macs over the past 8 years, and use the Internet extensively. Neither one has any antivirus software. Neither one has ever had a problem with viruses, spamware, or malware of any kind. In addition, I have had very few freezes or crashes (none with the Intel-based iMac I bought a year and a half ago.) That is the simple truth.
Mitch Morgan, Cherry Hill, NJ (Sent Jan 29, 2010 1:34:14 PM)
hm, I wonder if j9 is one of 'them' ?!*&!?
just wondering USA (Sent Jan 29, 2010 1:34:07 PM)
what's interesting to me is that once someone pays the scammer, they're created a money trail which I would presume can be followed back to the virus writer. I wish this was discussed in the article.
E. Sandfort, Hamilton NJ (Sent Jan 29, 2010 1:33:22 PM)
When you factor in the loss in indirect revenue, (lost time, inoperable PC, etc.), in addition to the money extorted by these scum bags, it must run into billions of dollars. Easily. So if Obama wants to get this economy moving again, get these bums off the street and behind bars, permanently. Better still, in the ground. (Sorry, too strong?)
DB, New Hampshire (Sent Jan 29, 2010 1:33:06 PM)
Best program to stop this crap from happening ''Sandboxie'' No more spyware or virus.
Chad Seattle WA (Sent Jan 29, 2010 1:32:53 PM)
I use Kaspersky internet security and have never had a problem with anything. It picks up on things long before they have a chance.
Mark, Beaverton, OR (Sent Jan 29, 2010 1:30:47 PM)
My father recieved one from a stock message board. I rebooted into Safe Mode and restored the system back a week earlier. The virus will not allow Task Manager to run or system restore, only works in safe mode. In the past, I've had virues destroy the system restore backups, luckily this one didn't.
johnny (Sent Jan 29, 2010 1:30:12 PM)
Whats Porn..
NROP (Sent Jan 29, 2010 1:28:42 PM)
Macman, that works until such time that the number of macs out there make it interesting for hackers to pursue those too. Macs are far from immune to hacking, it's just that the numbers right now don't make sense. If you do some searching, you'll find that in a head to head contest not that long ago, it took hackers less time to break a mac's security than a windows based machine with linux still coming out top of the heap.
nobogmac (Sent Jan 29, 2010 1:27:11 PM)
And Macs never have problems because they never blue screen. Oh wait, everything is frozen or there's that spinning pinwheel of death. I've been there and done that too!
Not A MacHead, San Diego, CA (Sent Jan 29, 2010 1:27:08 PM)
I've ran into this several times. Supposedly my "My Computer" window pops up and starts going thru a virus scan showing hundreds of viruses on my puter. All I can do is sit back and laugh. I traced down the web site where it originates and wanted to leave them an e-mail but there was no way of doing this. I just wanted to laugh in their faces cause I don't run Windoze, I run Linux Mint and Ubuntu. Just wanted to let them know what butts they made of themselves.
Waya (Sent Jan 29, 2010 1:25:16 PM)
I've ran into this several times. Supposedly my "My Computer" window pops up and starts going thru a virus scan showing hundreds of viruses on my puter. All I can do is sit back and laugh. I traced down the web site where it originates and wanted to leave them an e-mail but there was no way of doing this. I just wanted to laugh in their faces cause I don't run Windoze, I run Linux Mint and Ubuntu. Just wanted to let them know what butts they made of themselves.
Waya (Sent Jan 29, 2010 1:25:10 PM)
I've been removing this sort of malware from computers for a long time. I wish that the law enforcement actually gave a fart about actually catching them. Personaly I would like to see them hung in public with ignomious burial afterwords. They cost the public FAR more than the 150 million that the author claims. Think about all the money that the victims have to shell out to correct their inital mistake at paying the money out. The unoffical estimate in 2006 was 2.5 billion dollars in this country alone. What do you think it is this day?
Ted, Orlando, FL (Sent Jan 29, 2010 1:24:48 PM)
You don't have to buy a MAC, just switch to Linux. Much faster and NO viruses!
John Doe, Seattle, Wash. (Sent Jan 29, 2010 1:24:06 PM)
First porn is not the problem.
Second Mac is not the answer either as more hackers are attacking Macs, the only reason there are not more Mac viruses is because if you are going to attacking something then you go for the bigger fish.
Next and most important, do not click on the X in the upper right corner. There are ways to open dialog boxes on screens without the X and then you build your own X. The only way to get out of these boxes is to hit Alt-F4 which closes the active window, if that does not work kill the process. Programmers can write code and attach it to the close event of a window as well but when you kill the window the on close event does not fire. If you click a button the on close event will fire.
A Programmer (Sent Jan 29, 2010 1:23:15 PM)
I'm an IT guy and saw 3 of these in the past week. The only way I got rid of them totally was to rebuild the users PC. I've been doing this for 17 years and these latest ones are nasty!
Jim M, Elk Grove Village, IL (Sent Jan 29, 2010 1:22:55 PM)
When they first pop up press Alt-F4 This closes the active page on the desktop.
Mister WolfDog, Santa Ana, California (Sent Jan 29, 2010 1:22:29 PM)
and, by the way, I watched a mac user get hit yesterday with one of these- total antivirus. we took his computer directly into the shop, but it somehow fried the OS. Using a mac no longer protects you from viruses, and they seem to hit the mac MUCH harder.
sikchimp, seattle wa (Sent Jan 29, 2010 1:21:39 PM)
So far I have picked this up 3 times in the past month! Fortunately each time I have hit the re x and closed out IE, then run my Microsoft ONE CARE virus program. One time it had to clean up the system, but the other two times nothing was downloaded to my computer. All of the times I have been attacked by this program I was running Internet Explorer 8, and I was on news programs like MSNBC, or Yahoo News.I have a firewall and virus protection, so I know what my programs look like, and I was almost fooled into using these trojans.But if you shut your IE down, and then manually start your virus programs you won't become infected.Don't trust any pop ups! even if they look like they are for real.
Connie Sacto California (Sent Jan 29, 2010 1:16:34 PM)
I'd not even bother with the Red X. Too many times these companies mask the X so what you think is the red X is just another active link inside the actual program. I personally ALT+F4 the program to close it out. Works 99% of the time. the few times it doesn't I CTRL+ALT+DEL to get the task manager, then I close FireFox or IE from there.
If prompted to restore your previous session, select a new session and you are good to go.
Smitty, FL (Sent Jan 29, 2010 1:16:30 PM)
Anti-virus software often doesn't catch it because these can be little programs just like any other program. And, if you install a program, you've just given it permission to do whatever it does.
Soem Antivirus software tries to detect suspicious activity by installed apps. But, I've seen more false positives (legitimate program blocked or quarantined) than actual malicious programs stopped.
Michael L. Buie (Sent Jan 29, 2010 1:16:28 PM)
About time someone wrote about this. I've wanted to start class actions against them, but I don't have the ability to track them. The FBI should have a team attacking these people.
http://redtape.msnbc.com/2010/01/tu...theyve-got-to-trick-the-infected-pc-into.html
