ransomware
Latest
'Blackshades' webcam malware co-creator gets probation
The head of the 'Blackshades' hacking ring might be doing hard time, but one of his former partners won't be facing so bleak a future. A judge has sentenced malware co-creator Michael Hogue to 5 years' probation, a forfeiture of $40,000 and 500 hours of community service in return for pleading guilty to hacking and malware distribution charges back in 2013. The Remote Access Tool he helped write was heinous (it allowed webcam spying and ransom hijacking), the judge said. However, Hogue also cooperated with prosecutors and otherwise "did what he could" to set things right after he was caught -- the court just wasn't going to throw the book at him. While that might not be much consolation to the tool's 1 million victims, it should help close a particularly dark chapter of internet history.
Malware swipes 225,000 Apple accounts through jailbroken iPhones
Jailbreaking an iPhone gives you the freedom to run the apps and interfaces you want (rather than those allowed by Apple), but it also carries some inherent risks -- you're giving apps much more control over your phone. And unfortunately, some of these users are discovering this the hard way. Researchers have discovered a strain of iOS malware, nicknamed KeyRaider, that has stolen over 225,000 Apple IDs from jailbroken devices. The software takes advantage of Chinese app repositories that let people directly upload and share their own titles. If you happen to download the code, it'll either scoop up your Apple account data (to give rogue users "free" apps) or hold your phone for ransom.
Huge malware campaign used Yahoo's ad network
You've probably heard of malware-laden ads causing havoc on the web, but rarely on this scale. Malwarebytes has discovered a malware campaign that was using Yahoo's ad network to target legions upon legions of visitors -- Yahoo's main site racks up 6.9 billion visits per month. While it's not clear what would happen if you fell victim to an attack, the Flash-based exploit kit linked to the campaign typically includes both ad fraud and ransomware. In short, there's a real chance that you could have been locked out of your PC simply by checking on your fantasy sports league.
Android security flaw puts your phone into a near-coma
Android has more than one video-related security hole on its hands at the moment. Trend Micro has found a flaw that uses a malformed Matroska (MKV) video in apps or websites to crash Android's "mediaserver" service, effectively turning the target device into a paperweight. It'll not only render your phone's interface mostly or completely unresponsive, but silence all calls and notifications. You might not even get past the lock screen, if your phone is locked during the incident. An intruder could take advantage of this seemingly brain-dead state to hold your handset for ransom, threatening to shut you out unless you pay up.
Kaspersky releases decryption tool that unlocks ransomware
You never should have clicked on the email attachment from that Nairobian prince. Now ransomware's got you locked out of your own computer and is demanding money before you can use it again. But before you reach for you wallet, take a look at this decryption key generator that Kaspersky has built. The Netherland's National High Tech Crime Unit (NHTCU) recently got its hands on a CoinVault command-and-control server (a type of ransomware that has been infecting Windows systems since last November) and, upon examining it, discovered a large database of decryption keys. The NHTCU shared this information with Kaspersky which used it to build the Noransomware decryption tool. Granted, the program isn't 100 percent effective yet -- it's not like the NHTCU got all of the potential keys off of that one server or anything -- but as police forces around the world continue to investigate the CoinVault ransom campaign, Kaspersky expects to grow the key database and further improve the tool's functionality. Plus, it's still better than paying some schmuck hacker to give you back your digital dominion.
Malicious ads on major websites held users' files to ransom
A widespread attack has exposed millions to malware that holds files to ransom. The campaign, which was first detected a month ago, placed fake adverts on websites such as Yahoo, AOL and The Atlantic that installed so-called "ransomware" onto a victim's computer. The attackers stole assets from the likes of Case Logic, Bing and Fancy in order to make the malicious ads appear real, but once a computer becomes infected, things get very bad, very fast, for victims.
Daily Update for July 16, 2013
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for daily listening through iTunes, click here. No Flash? Click here to listen. Subscribe via RSS
Ransomware posing as an FBI notice targets OS X users
Malwarebytes Unpacked is reporting that cyber-criminals looking to make a quick buck have begun targeting unsuspecting OS X users by hijacking their web browser and posting a warning message purporting to be from the FBI. The fake message casts a wide net and alerts users that their computer has been locked down because they've either downloaded copyrighted content, viewed illegal pornographic content or have unknowingly fallen prey to malware. The "FBI Notice" then informs users that they can unlock their computer for US$300, payable, of course, via a GreenDot MoneyPak card. The report notes that the ransomware appears when a user queries a search engine using popular search terms. Even if users recognize the alert as being nothing more than an underhanded scam (the shady URL pictured above certainly gives it away), attempting to exit the "FBI" page is fruitless as a warning message reappears time and time again when a user attempts to leave. What's more, if you force quit Safari, the ransomware will re-appear on account of Safari's "restore from crash" feature. Users, however, can skirt around the "restore from crash" feature by either resetting Safari, or perhaps more simply, restarting Safari while holding down the Shift key. Notably, Malwarebytes Unpacked says the ransomware affects other browsers on OS X as well. Video of the ransomware in action can be seen below.
Possible addon business models
Ever since that new addon policy came to light, some addon devs are furious, and threatening to stop publishing their addons completely. But others are being a little more optimistic -- instead of shutting down their addons, they're trying to figure out new ways around Blizzard's rules in order to get compensated for their work. selenite on WoW LJ has one such idea: he suggests a method of "ransomware," where the creators of a mod ask for donations (on their sites, not in-game, as that's against the new policy) and set a goal before they release a new version. BRK had a good point on last week's podcast as well -- he suggested that, like the popular WoW Web Stats, some addons (Recount was one suggestion that came up) can offer information out of game rather than in-game, thus making them able to charge for it, or show advertising on it.Now, some may say that even these types of models will still go against Blizzard's rules (in fact, the rule that says addons may not charge for distribution also hints that they may not charge for "services related", either), but at this point, we don't really know what these rules mean, since, as far as we know, Blizzard hasn't actually shut down any addons. Blizzard may be trying to say that any attempt to make money off of an addon will get it shut down in the game (a strong statement, since you'd think anyone putting time and work into an addon should get something back for it). And if they really do have issues with people who help players play the game making money off of it, what about sites like Wowhead? What about us here at WoW Insider?At any rate, the ideas are out there. If developers really want to get something back for their work, and they have an addon or an idea that's worth paying for (keep in mind that competition is always there -- if an addon like Recount does charge to go visit another site and get DPS meters, they'll have to make sure it's worth paying that amount rather than just using a free addon), there will probably be a way for them to get compensated.
