Posted by: Pez
« on: 16. April 2012., 09:55:02 »
Good to know !
Members
Total Members: 14197- Latest: Levine
Stats
- Total Posts: 43440
- Total Topics: 16532
- Online today: 3043
- Online ever: 51419
- (01. January 2010., 10:27:49)
Users Online
Good to know !
Posted by: devnullius
« on: 14. April 2012., 11:06:54 »FROM: http://en.wikipedia.org/wiki/Ransomware_(malware)
Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive, while some may simply lock the system and display messages intended to coax the user into paying. Modern ransomware attacks were initially popular within Russia, but in recent years there have been an increasing number of ransomware attacks targeted towards other countries, such as Australia, Germany, and the United States among others
Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive, while some may simply lock the system and display messages intended to coax the user into paying. Modern ransomware attacks were initially popular within Russia, but in recent years there have been an increasing number of ransomware attacks targeted towards other countries, such as Australia, Germany, and the United States among others
Posted by: devnullius
« on: 14. April 2012., 10:18:44 »Except for the ransom-part (which is new to me) I wonder why this is interesting? It's just an OLD-school MBR virus. Nothing one cannot fix themselves, with bin-hex if needed ;p
Peace!
Devvie
~~~ notemail@facebook.com ~~~
Cuisvis hominis est errare, nullius nisi insipientis in errore persevare
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-012 by DevNullius)
Peace!
Devvie
~~~ notemail@facebook.com ~~~
Cuisvis hominis est errare, nullius nisi insipientis in errore persevare
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-012 by DevNullius)
Posted by: Samker
« on: 14. April 2012., 08:37:56 »Thanks for warning pal. 
Here is also more detailed explanation provided by Trend Micro: http://blog.trendmicro.com/ransomware-takes-mbr-hostage/
P.S.
@davids
"Vipre case" is moved to Feedback area: http://scforum.info/index.php/board,3.0.html
Here is also more detailed explanation provided by Trend Micro: http://blog.trendmicro.com/ransomware-takes-mbr-hostage/
Quote
As an added precaution, users must keep their system up-to-date with the latest security patch provided by vendors and avoid clicking links contained in dubious-looking messages.
P.S.
@davids
"Vipre case" is moved to Feedback area: http://scforum.info/index.php/board,3.0.html
Posted by: davids
« on: 14. April 2012., 07:47:05 »A new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money, according to security researchers from Trend Micro.
"Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code," said Cris Pantanilla, a threat response engineer at Trend Micro, in a blog post on Thursday. "Right after performing this routine, it automatically restarts the system for the infection take effect."
The MBR is a piece of code that resides in the first sectors of the hard drive and starts the boot loader. The boot loader then loads the OS.
Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via an online payment service called QIWI, in order to receive an unlock code for their computers.
Read more at http://www.wincert.net/news/security/2916-new-ransomware-prevents-windows-from-starting
"Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code," said Cris Pantanilla, a threat response engineer at Trend Micro, in a blog post on Thursday. "Right after performing this routine, it automatically restarts the system for the infection take effect."
The MBR is a piece of code that resides in the first sectors of the hard drive and starts the boot loader. The boot loader then loads the OS.
Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via an online payment service called QIWI, in order to receive an unlock code for their computers.
Read more at http://www.wincert.net/news/security/2916-new-ransomware-prevents-windows-from-starting