FBI Drive-by Virus

joany
Forum Veteran
Posts: 5919
Joined: Mon Feb 12, 2007 1:45 pm

FBI Drive-by Virus

#1 Post by joany » Sun Oct 14, 2012 9:29 am

My local newspaper printed an article about a drive-by virus that has been around since August.

http://www.mcall.com/news/local/watchdo ... 501.column

The reason the article was published is because an area resident recently fell for the trap. Here's what it did:
FBI IC3 wrote: “While browsing the Internet a window popped up with no way to close it,” one Reveton victim recently wrote to the IC3. “The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age porn viewing, or computer-use negligence. It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”
I've got to admit the authors of this virus were pretty creative, especially the part where the victim's web cam snaps an image of the victim and pastes it into the popup. They also figured out a way for victims to enter MoneyPak numbers while their computers are frozen. The aggressiveness by the FBI in pursuing actual cases of on-line piracy just makes the scam that much more believable.
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver
You didn't slow down because you're old; you're old because you slowed down.

Danum
Forum Guide
Posts: 2556
Joined: Sun Mar 25, 2007 5:49 pm

Re: FBI Drive-by Virus

#2 Post by Danum » Sun Oct 14, 2012 9:59 am

My local newspaper printed an article about a drive-by virus that has been around since August.
The removal instructions have been on M$ and YouTube since June
http://www.youtube.com/watch?v=o08c1rBOL98
Desktop.
Zalman Z11 Plus ATX PC Tower, AMD FX 8350 Black Edition Vishera, 8 Core 4.4 GHz, Kingston HyperX FURY Red 16GB, Nvidia GT740 Graphics, Pioneer BDR-209EBK Writer, 2 x Seagate 1TB SSHD SATA Hybrid Hard Drives. ASUS VS278Q 27 inch HD Monitor

GoManutd
Forum Guide
Posts: 2823
Joined: Mon Jun 30, 2008 8:06 pm

Re: FBI Drive-by Virus

#3 Post by GoManutd » Sun Oct 14, 2012 11:33 am

There's been a MASSIVE increase in the number of ransomware incidents over the last couple of months, and it's not just targeting corporate computing anymore....

uncle mark
Forum Veteran
Posts: 4954
Joined: Sat Nov 11, 2006 10:42 pm

Re: FBI Drive-by Virus

#4 Post by uncle mark » Sun Oct 14, 2012 12:28 pm

joany wrote:I've got to admit the authors of this virus were pretty creative, especially the part where the victim's web cam snaps an image of the victim and pastes it into the popup. They also figured out a way for victims to enter MoneyPak numbers while their computers are frozen. The aggressiveness by the FBI in pursuing actual cases of on-line piracy just makes the scam that much more believable.
I've run into this a couple times. One was my next door neighbor, and he was really concerned that it might be legit and that his kids had downloaded some music or movies or something and the FBI really was coming after him.

There are several variants, so the cleanup protocol can vary. The key is with machines with System Restore enabled, you need to get rid of the restore points, as the trojan respawns from there and most cleanup tools don't detect it within the restore points. Otherwise, it's a pretty straightforward fix.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes
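The restore-point step described above, as an added example that is not from the thread: it purges every System Restore point on the system drive by turning System Protection off, leaves a slot for the cleanup tool to run, then re-enables protection and creates a clean baseline. It assumes an elevated Windows PowerShell 5.1 session and that the system drive is C:.

```powershell
# Added example (not from the thread): purge System Restore points during cleanup
# of a screen-locker infection, then recreate a clean baseline.
# Assumes Windows PowerShell 5.1 running as Administrator; system drive defaults to C:.
param([string]$Drive = "C:\")

# 1. Record what is there before touching anything (useful for the incident notes).
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host ("Restore points before cleanup: {0}" -f $before.Count)
foreach ($rp in $before) {
    $when = $rp.ConvertToDateTime($rp.CreationTime)
    Write-Host ("  #{0} {1} {2}" -f $rp.SequenceNumber, $when, $rp.Description)
}

# 2. Turning System Protection off for the drive deletes every restore point on it,
#    which removes the copy the trojan would otherwise respawn from.
Disable-ComputerRestore -Drive $Drive

# 3. Run the on-demand scanner / cleanup tool at this point, then verify nothing is left.
$after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($after.Count -ne 0) {
    throw "Restore points still present after disabling System Protection on $Drive"
}

# 4. Re-enable protection and create a fresh checkpoint of the cleaned system.
Enable-ComputerRestore -Drive $Drive
Checkpoint-Computer -Description "Post-cleanup baseline" -RestorePointType "MODIFY_SETTINGS"
Write-Host "Restore points purged on $Drive and a clean baseline checkpoint created."
```

On Windows 8 and later, Checkpoint-Computer silently skips creating a new point if one was made in the last 24 hours, so check Get-ComputerRestorePoint afterwards rather than assuming the baseline exists.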

robert1
Forum Regular
Posts: 201
Joined: Thu Jul 12, 2007 11:19 pm

Re: FBI Drive-by Virus

#5 Post by robert1 » Sun Oct 14, 2012 2:17 pm

This kind of insanity is what caused me to stop using Microsoft Windows 10 years ago. Microsoft just cannot produce a secure operating system.

Call me cynical, but why are people still wanting to use that "Not Fit For Purpose" OS, especially the Mepis users in this forum?
Microsoft products should be shunned by the public & deemed a defective product.

uncle mark
Forum Veteran
Posts: 4954
Joined: Sat Nov 11, 2006 10:42 pm

Re: FBI Drive-by Virus

#6 Post by uncle mark » Sun Oct 14, 2012 2:47 pm

robert1 wrote:This kind of insanity is what caused me to stop using Microsoft Windows 10 years ago. Microsoft just cannot produce a secure operating system.

Call me cynical, but why are people still wanting to use that "Not Fit For Purpose" OS, especially the Mepis users in this forum?
Microsoft products should be shunned by the public & deemed a defective product.
I always get a kick out of reading about the latest "cyber threat".

Google Shamoon Virus and see what comes up.

http://en.wikipedia.org/wiki/Shamoon

It's crippled many energy companies in the Mideast.

"Shamoon, also known as Disttrack, is a modular computer virus discovered in 2012 that attacks computers running the Microsoft Windows "NT" line of operating systems..."
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes

Gaer Boy
Forum Guide
Posts: 2109
Joined: Sat Jun 06, 2009 6:06 am

Re: FBI Drive-by Virus

#7 Post by Gaer Boy » Sun Oct 14, 2012 5:15 pm

robert1 wrote:This kind of insanity is what caused me to stop using Microsoft Windows 10 years ago. Microsoft just cannot produce a secure operating system.

Call me cynical, but why are people still wanting to use that "Not Fit For Purpose" OS, especially the Mepis users in this forum?
Microsoft products should be shunned by the public & deemed a defective product.
The key word in your question is "wanting". I don't want to use Windows, but I need it for a few applications where I cannot find a linux alternative. I have a virtual XP, which does almost all I need, but I still need a real XP installation on Anne's machine for her to borrow e-books from our local library. They use Adobe Digital Editions for DRM and that won't run in VBox, plus I can't get the Sony eReader to install the Sony software in VBox for transfer.

I spent a few months earlier this year trying to identify a linux database app to do what I need, but in the end had to go for Filemaker Pro (Win & Mac only). I can't manage without GPSUtility (Win only) for detailed editing of tracks while switching the map background on and off. Until I retire it, I need Windows to use the full facilities of my Konica-Minolta laser. And, although I use it rarely these days, I can't find a simple CAD app to replace ExtraCAD for Windows 95.

I'm sure the rest of us that still use Windows have similar problems, plus the need to have Windows apps for work (I never had that - we were an IBM/Lotus/Wordperfect house).

Phil

AsRock FM2A88X-ITX+, A8-6500, 8GB, 120GB Samsung SSD (GPT), 1TB HDD (MBR), MX-16
Lenovo Thinkpad X220, dual-core i5, 3MB, 320GB Hitachi HDD, Win7, MX-16.1

joany
Forum Veteran
Posts: 5919
Joined: Mon Feb 12, 2007 1:45 pm

Re: FBI Drive-by Virus

#8 Post by joany » Sun Oct 14, 2012 5:57 pm

uncle mark wrote: I always get a kick out of reading about the latest "cyber threat".

Google Shamoon Virus and see what comes up.

http://en.wikipedia.org/wiki/Shamoon

It's crippled many energy companies in the Mideast.

"Shamoon, also known as Disttrack, is a modular computer virus discovered in 2012 that attacks computers running the Microsoft Windows "NT" line of operating systems..."
The last statement struck me as a little odd. AFAIK, Windows NT was superseded by Windows 2000 over a decade ago. I think all this means, however, is that Shamoon won't run on "pre-NT" operating systems like Windows ME or Windows 98. Every Windows architecture starting with NT shares a common set of attributes that aren't found in the earlier operating systems. This architecture is employed in Windows XP, Vista and 7.

Another article on Shamoon: http://www.huffingtonpost.com/2012/10/1 ... technology

It wouldn't surprise me if this virus, along with a number of other recent ones, is being created and released by state-sponsored organizations as part of a wider East-West cyber war.
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver
You didn't slow down because you're old; you're old because you slowed down.

uncle mark
Forum Veteran
Posts: 4954
Joined: Sat Nov 11, 2006 10:42 pm

Re: FBI Drive-by Virus

#9 Post by uncle mark » Sun Oct 14, 2012 6:34 pm

The "NT line" they are referring to most assuredly means all MSFT OSs beginning with NT, and continuing through at least W7.

Would Linux desktops have fared any better? Of course. But that's not even the question. The question I would be asking is "How many of those 30,000 machines that ARAMCO had infected were running with admin rights?" I think I know the answer.

In these situations, it's silly to blame MSFT or Iran or anybody other than the IT vendors that set up the company's infrastructure, and the company's IT management that didn't insist on locking Windows down.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes

lucky9
Forum Veteran
Posts: 11380
Joined: Wed Jul 12, 2006 5:54 am

Re: FBI Drive-by Virus

#10 Post by lucky9 » Sun Oct 14, 2012 7:11 pm

uncle mark wrote:The question I would be asking is "How many of those 30,000 machines that ARAMCO had infected were running with admin rights?" I think I know the answer.

In these situations, it's silly to blame MSFT or Iran or anybody other than the IT vendors that set up the company's infrastructure, and the company's IT management that didn't insist on locking Windows down.
Hit the nail on the head! Although Microsoft is ultimately to blame.
Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain
