Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 19 March 2009

FileFix Pro 2009: Ransomware makes a comeback

Scareware in the form of Rogue AntiVirus software, such as XpAntiVirus2009, have long been a way to monetize infected computers. Previously, the Rogue AVs would present you with screens that listed malware you didn't have, and for a nominal fee, you could buy the full version and clean the "infections".

Over the past couple days, Vundo has been pushing a piece of malware that encrypts various personal file types (.pdf, .doc, .jpg, etc) on your system, and "coincidentally" pushes, a program called FileFix Pro 2009 which would decrypt them - for a fee. Although we (Julia) broke the encryption, it's a sobering realization of the state of malware that it is now actively extorting users by holding their data ransom. Despite this version of FileFix being trivial to crack, it does not bode well for the future of Internet malware.

Vundo has fundamentally altered its criminal business model from "Scareware" tactics to "Ransomware" extortion. While a user may be "silly" to buy into scareware, they have little choice but to purchase the decryption software once the ransomware does its thing.


Read more
http://blog.fireeye.com/research/2009/03/a-new-method-to-monetize-scareware.html

No comments: