Adware, malware, spyware, hijacker discussion and information

 Post subject: Ransom - Pay me more - Part II
PostPosted: Mon Jun 08, 2009 3:20 pm 
Site Admin
I recently got an important clue as to how this ransom deal takes place between a victim and these cyber criminals. One reader who became a victim of this ransomware sent an email to this ransom guy at the address otrazhenie_zla@mail.ru to get his files recovered.

This was the response by that guy:
Quote:
"Transfer into account pay pal 50 dollars here email pay pal otrazhenie_zla@mail.ru"

Interestingly, instead of asking him for the standard $10 ransom (as mentioned in his earlier message), he asked him for $50. Typical criminal mentality, isn't it? Unfortunately, his greed doesn't end here. This malware instance came bundled in a fake 'SWF video codec' file. Upon execution, this setup file installs three different pieces of malware on the victim's machine, including this ransomware.
    1. 5f9927ee59b4881a2ce8634332f63fa8

    Trojan Encoder, the one that encrypts the user's files and asks for a ransom in return.

    2. 010d7b79d002d747f420a7880f89ee38

    A password-stealing Trojan that uploads the user's personal information to a remote command-and-control server (antivirusubdate.no-ip.biz) using an obfuscated protocol on TCP port 3460.

    3. 010d7b79d002d747f420a7880f89ee38

Continued @ FireEye Intelligence Lab

 Post subject: Re: Ransom - Pay me more - Part II
PostPosted: Mon Jun 08, 2009 3:57 pm 
Site Admin
I've had freehostia.com shut down the updatecodec.freehostia.com account, along with the other *.freehostia.com accounts listed in hpHosts :)

They now hold the record for being the fastest ISP to respond to, and act on, abuse reports :)

_________________
Regards

Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!

