My late maternal grandfather was an F.B.I. Special Agent from the 1940s to the late 1960s.
So I was bemused when a gentleman from the church brought me his wife’s XP laptop that, when booted, displayed an “official”-looking lock screen from the “FBI” (complete with FBI seal) saying that computer violations had been found and the machine had been locked by the FBI unless the user paid them a fine via the legitimate “MoneyPak” service.
Really?
No.
It was just a run-of-the-mill Trojan drive-by infection crafted by scummy scammers.
- New Internet Scam - Press release from the REAL Federal Bureau of Investigation at fbi.gov.
- FBI Ransomware: Reveton seeks MoneyPak payment in the name of the law - ESET ThreatBlog
- How to remove FBI Moneypak virus? - ThreatLevel
- Remove the FBI MoneyPak Ransomware or the Reveton Trojan - BleepingComputer
It took the better part of a Monday night NFL football game to clean, but I was able to get things restored and back in service.
…and then updated all the third-party browser apps (Java, Flash, Shockwave, etc.), as well as the installed AV/AM software, to their latest versions.
Related: SOPA reincarnates to hold your computer hostage - ZDNet.
--Claus V.
2 comments:
I have heard references to this 'ransomware' but this is the first I have heard of a specific one.
# FF Guru - yeah, likewise. It was interesting but this version wasn't particularly sophisticated. I didn't feel like adding the details of the takedown/cleanup this time as the links are pretty good. Basically I just off-line booted it with one of my WinPE sticks, tossed a few "off-line" AV/AM scanner tools at it. Let them deal with the bulk of the cleaning, then after it was in a usable state on the user's normal desktop account finished out with some minor cleanups with AutoRuns/ProcessExplorer and updated Java/Flash/etc.
Not hard work but the user was really freaked out and frustrated with it. I had earlier installed Firefox and Chrome on it for them when I last saw it, but they weren't keeping those browsers current and were just using IE with the way-old-and-vulnerable versions of Java/Flash that plugged into it.
A drive-by/click-jack nightmare waiting to happen.
Sigh....
-Claus V.
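Of the cleanup steps described in the comment above, the AutoRuns/ProcessExplorer pass is the one that is mostly judgement, so here is an added example (my own, not code from the post or its author) of the triage rules a responder applies while scrolling through an Autoruns export: flag entries that launch from user-writable directories, that are not Authenticode-verified, or that borrow a Windows system binary's name while living outside the system directory. The CSV below is constructed, and its column names are an assumption about the shape of an `autorunsc -c` export rather than anything captured from the laptop in the post.

```python
import csv
import io
import re

# Constructed sample CSV (an assumption about the shape of an Autoruns/autorunsc
# export; it is NOT output captured from the laptop in the post). Two of the
# four entries are the kind of persistence a drive-by trojan typically leaves:
# an unsigned binary launched from the user's Temp or Application Data folder.
SAMPLE_AUTORUNS_CSV = """\
"Entry Location","Entry","Enabled","Category","Profile","Description","Signer","Company","Image Path","Version","Launch String"
"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","AdobeAAMUpdater","enabled","Logon","System-wide","Adobe Updater Startup Utility","(Verified) Adobe Systems Incorporated","Adobe Systems Incorporated","c:\\program files\\common files\\adobe\\oobe\\pdapp\\uwa\\updaterstartuputility.exe","6.0.0.24","C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe"
"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","ctfmon.exe","enabled","Logon","JANE-PC\\Jane","CTF Loader","(Verified) Microsoft Windows","Microsoft Corporation","c:\\windows\\system32\\ctfmon.exe","5.1.2600.5512","C:\\WINDOWS\\system32\\ctfmon.exe"
"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","svchost","enabled","Logon","JANE-PC\\Jane","","(Not verified)","","c:\\documents and settings\\jane\\local settings\\temp\\svchost.exe","n/a","C:\\DOCUME~1\\Jane\\LOCALS~1\\Temp\\svchost.exe"
"C:\\Documents and Settings\\Jane\\Start Menu\\Programs\\Startup","update.lnk","enabled","Logon","JANE-PC\\Jane","","(Not verified)","","c:\\documents and settings\\jane\\application data\\update.exe","n/a","C:\\Documents and Settings\\Jane\\Application Data\\update.exe"
"""

# Directories an ordinary (non-admin) user can write to on XP and later.
USER_WRITABLE = re.compile(
    r"\\(temp|local settings|application data|appdata|users\\[^\\]+)\\", re.I)
# Core Windows binaries that malware likes to name itself after.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "ctfmon.exe"}
SYSTEM_DIR = re.compile(r"\\windows\\(system32|syswow64)\\", re.I)


def score(row):
    """Return (points, reasons) for one Autoruns row; higher means more suspect."""
    image = row.get("Image Path", "").strip().lower()
    signer = row.get("Signer", "").strip()
    points, reasons = 0, []
    if not image:
        return points, reasons          # nothing on disk to examine
    if USER_WRITABLE.search(image):
        points += 1
        reasons.append("launches from a user-writable directory")
    if not signer.startswith("(Verified)"):
        points += 1
        reasons.append("image is not Authenticode-verified")
    name = image.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and not SYSTEM_DIR.search(image):
        points += 2                     # masquerading as a system binary
        reasons.append(f"{name} lives outside the Windows system directory")
    return points, reasons


def triage(csv_text, threshold=2):
    """Parse an Autoruns CSV export and return the entries worth a closer look.

    A lone 'not verified' is common for legitimate software, so an entry is
    only reported once it collects `threshold` points or more.
    """
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        points, reasons = score(row)
        if points >= threshold:
            flagged.append({"entry": row["Entry"],
                            "location": row["Entry Location"],
                            "image": row["Image Path"],
                            "points": points,
                            "reasons": reasons})
    return sorted(flagged, key=lambda f: -f["points"])


if __name__ == "__main__":
    for hit in triage(SAMPLE_AUTORUNS_CSV):
        print(f"[{hit['points']}] {hit['entry']} <- {hit['image']}")
        for why in hit["reasons"]:
            print(f"     - {why}")
```

On the sample, the two verified entries under Program Files and system32 score zero, while the fake "svchost" in the user's Temp folder and the unsigned "update.exe" in Application Data are reported. The threshold is deliberately above one point because on an XP box plenty of legitimate but unsigned software shows up as "(Not verified)"; the point is to shorten the list to what is worth a VirusTotal lookup or a look in Process Explorer, not to delete anything automatically.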