gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 25, 2024, 02:46:20 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  'NSA PRISM spies' shake down victims with bogus child-abuse vids claims
gfx
gfxgfx
 

Author Topic: 'NSA PRISM spies' shake down victims with bogus child-abuse vids claims  (Read 1077 times)

0 Members and 1 Guest are viewing this topic.

http://www.theregister.co.uk/2013/09/12/prism_themed_ransomware/

Quote
Crooks are using the NSA's notorious global web surveillance scandal in ransomware campaigns: punters are falsely accused of downloading illegal material, told their PCs are now locked from use, and ordered to hand over a cash "fine" to unlock their computers.

Cloud security firm Zscaler has spotted 20 hijacked domains hosting malicious web pages that attempt to trick naive web surfers into either installing scareware - because it's claimed their computer is supposedly riddled with malware - or handing over money to unlock PCs that have supposedly been used to download images of child abuse.

Marks are either confronted with a warning that malware has supposedly been detected on their computer, or a bogus NSA PRISM-themed alert. In both cases, the goal is to scare the target into paying the attacker to "fix" their computer.

The campaign started off by pushing fake antivirus software (aka scareware) on the pretext that viruses had supposedly been detected on a mark's computer and money had to be paid out to have the nasties removed.

Now it's pushing a ransomware scam, which claims that child porn has been detected on a PC. The user is told he or she can "avoid prosecution" by handing over $300. In the meantime the ransomware says it locks victims out of their machines.

These shenanigans have been common on the web for years, and it's only the PRISM angle that adds a new spin. Scammers are obviously hoping that their marks pay up to resolve the problem without giving this any further thought. The proposed opt-in system to allow adults to look at legit porn sites in the UK laws may inadvertently help the preposterous con appear a tad more plausible, according to Zscaler.

"The attacker uses the recent news about PRISM to claim that the victim's computer has been blocked because it accessed illegal pornographic content," a blog post by Zscaler ThreatLabZ researcher Julien Sobrier explains.

"The victim has to pay $300 through MoneyPak, a prepaid card service."

"The ThreatLabZ team expect attackers to take advantages of the upcoming UK laws on accessing adult content online to send new types of fake warnings to UK victims."

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: 'NSA PRISM spies' shake down victims with bogus child-abuse vids claims
« Reply #1 on: September 12, 2013, 05:05:42 pm »
I had read about this kind of malware threat but until last week I had not yet encountered anything like it in the wild, what I found was not even real ransomware, althought named the same as a real file locking nasty the one I encountered was in fact fake and the giveaway clue was the prescence of a virtual drive (z:) to give the illusion of  there being a serious problem in your files.

Simple to remove in this case but had it been the real thing it might have been another story.


Re: 'NSA PRISM spies' shake down victims with bogus child-abuse vids claims
« Reply #2 on: September 12, 2013, 10:10:25 pm »
Yeah I have heard horror stories about small business having their files all locked up and had top pay the ransom to get the files unlocked.

pays to have a nightly backup.

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  'NSA PRISM spies' shake down victims with bogus child-abuse vids claims
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.01 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!