Members
Stats
  • Total Posts: 28510
  • Total Topics: 8239
  • Online Today: 852
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: New ransomware prevents Windows from starting  (Read 1537 times)

0 Members and 1 Guest are viewing this topic.

davids

  • SCF Member
  • **
  • Posts: 41
  • KARMA: 14
New ransomware prevents Windows from starting
« on: 14. April 2012., 07:47:05 »
A new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money, according to security researchers from Trend Micro.

"Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code," said Cris Pantanilla, a threat response engineer at Trend Micro, in a blog post on Thursday. "Right after performing this routine, it automatically restarts the system for the infection take effect."

The MBR is a piece of code that resides in the first sectors of the hard drive and starts the boot loader. The boot loader then loads the OS.

Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via an online payment service called QIWI, in order to receive an unlock code for their computers.

Read more at http://www.wincert.net/news/security/2916-new-ransomware-prevents-windows-from-starting

Samker's Computer Forum - SCforum.info

New ransomware prevents Windows from starting
« on: 14. April 2012., 07:47:05 »




Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Thanks for warning pal. :thumbsup:

Here is also more detailed explanation provided by Trend Micro: http://blog.trendmicro.com/ransomware-takes-mbr-hostage/

Quote

As an added precaution, users must keep their system up-to-date with the latest security patch provided by vendors and avoid clicking links contained in dubious-looking messages.


P.S.

@davids

"Vipre case" is moved to Feedback area: http://scforum.info/index.php/board,3.0.html




devnullius

  • SCF VIP Member
  • *****
  • Posts: 3507
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Re: New ransomware prevents Windows from starting
« Reply #2 on: 14. April 2012., 10:18:44 »
Except for the ransom-part (which is new to me) I wonder why this is interesting? It's just an OLD-school MBR virus. Nothing one cannot fix themselves, with bin-hex if needed ;p

Peace!

Devvie


~~~ notemail@facebook.com ~~~

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-012 by DevNullius)
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3507
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Re: New ransomware prevents Windows from starting
« Reply #3 on: 14. April 2012., 11:06:54 »
FROM: http://en.wikipedia.org/wiki/Ransomware_(malware)

Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive, while some may simply lock the system and display messages intended to coax the user into paying. Modern ransomware attacks were initially popular within Russia, but in recent years there have been an increasing number of ransomware attacks targeted towards other countries, such as Australia, Germany, and the United States among others
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Pez

  • SCF VIP Member
  • *****
  • Posts: 723
  • KARMA: 116
  • Gender: Male
  • Pez
Re: New ransomware prevents Windows from starting
« Reply #4 on: 16. April 2012., 09:55:02 »
 :up:
Good to know !
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising