Windows 7 Forums
[SOLVED] Ransom Trojan 2011 - Information

Ace
Established Member
Join Date: Jul 2011
Location: Canada
Posts: 315
Thanked: 56
 
      08-17-2011
Even though files are deemed as updates, you should always check them for validity before installing them, or install at your own risk.

Recently there was an update for Firefox from a fake Firefox site.

Code:
http:// firefox.perl .sh
File Info:
MD5: 9a6f87b4be79d0090944c198a68012b6

Originally, there were only 3 detections for it:
https://www.virustotal.com/file-scan...299-1299783978
(It looks like almost all of the major AVs were unaware of this file's malicious activity.)

But after a while it became more known to AVs, and its detection rate rose to 40/42 of the built-in online scanners:
https://www.virustotal.com/file-scan...299-1302561162

A friend of mine had this on his computer:


A result of downloading this file.

The file appears to lock all application executions, as well as your entire operating system, from being used, and it prompts you with this message instead.

I took the file off his computer and did some testing with it on my own, unaware that this ransomware would "release" itself after a while, since there was an area for a key activation to allow you to access your operating system again.



Here would be your next screen. However, all of those given numbers are invalid.

Testing this with a few debugging tools on my own machine gave me a key: 1351236, which apparently is the real key to get back into your system. Each digit has to be entered into the text boxes.

However, this would be a pretty dangerous file. The ransomware actually gives you a valid key after quite a few tries, I believe, when testing those given numbers, of course, which was the only catch. It worked for some people but didn't for me.

I was actually pretty intrigued at how the newer generation of trojans has become so diverse in human-engineered malware. Also, how people came up with the idea to create a system locker like this is pretty frightening.

This exact file was also released as an Adobe Flash update executable, from what I've read. All sites hosting this ransomware have been removed by the bigger parties, though, I believe.

More Information here:
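As an added defender-side example (not part of Ace's post), here is a Python check for a downloaded "update" in the spirit of the advice above: it hashes the file, refuses it if the MD5 matches the indicator given in this post, and otherwise compares its SHA-256 with the hash the vendor publishes. The sample bytes, the helper names and the verdict strings are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from typing import Optional

# Constructed indicator set: the MD5 the post reports for the fake "Firefox update".
# Add further hashes from the VirusTotal reports as they become known.
KNOWN_BAD_MD5 = {"9a6f87b4be79d0090944c198a68012b6"}


def file_digests(path: str) -> dict:
    """Hex MD5 and SHA-256 of a file, hashed in 1 MiB chunks so large installers fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def check_update(path: str, expected_sha256: Optional[str] = None,
                 known_bad_md5: set = KNOWN_BAD_MD5) -> str:
    """Verdict for a downloaded 'update' before it is run:
    'known-bad'  - MD5 is on the indicator list (do not run it);
    'verified'   - SHA-256 matches the hash the vendor publishes;
    'mismatch'   - a vendor hash was supplied and does not match;
    'unverified' - nothing to compare against, so treat as untrusted."""
    d = file_digests(path)
    if d["md5"] in known_bad_md5:
        return "known-bad"
    if expected_sha256 is None:
        return "unverified"
    if hmac.compare_digest(d["sha256"].lower(), expected_sha256.lower()):
        return "verified"
    return "mismatch"


def write_sample(data: bytes) -> str:
    """Write constructed bytes to a temp file and return its path (stand-in for a download)."""
    with tempfile.NamedTemporaryFile("wb", delete=False, suffix=".exe") as fh:
        fh.write(data)
        return fh.name


if __name__ == "__main__":
    sample = write_sample(b"constructed sample installer, not real malware")
    print(check_update(sample))  # unverified: no vendor hash supplied
    print(check_update(sample, known_bad_md5={file_digests(sample)["md5"]}))  # known-bad
```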