Interesting piece on "new" form of malware
Oct 1, 2008 1:08:38 GMT
Post by CharlieChomper on Oct 1, 2008 1:08:38 GMT
I still have 18 more articles to comb through, but as I ran across this article earlier today and given the nature of it, thought I'd share it with you for those who may be interested.
Basically, it involves a very scary new form of malware that some maliciously-minded person has come up with and has been making use of for the past two years it seems.
The way it works is that someone, using compromised computers or ones just infected/infested with other forms of malware and "bots" which that party can easily take control of remotely without the user even being aware of it (these sorts of systems, including those which have been compromised in such a fashion, are referred to as "zombies"; they're not only incredibly popular amongst malware writers for spreading around their virii, worms, trojans, spyware, etc., but also with people looking to engage in other types of illegal activities such as breaking into other systems or networks), and usually going through a few such systems in various countries, will then attempt to infest a computer or network (targeting Windows systems) and "infect" it with this particular type of malware.
Now, on the surface that may not sound as bad as it really is, nor as though it really deserves any special mention, but in this instance the malware in question works to encrypt all the data on the compromised machine using a special, very sophisticated and high-level "key" which only the person who wrote the malware actually possesses. In effect, those who physically need access to the data can't so much as read it, never mind see it, beyond the fact that they've been denied access to it and are basically "locked out" of their own files (regardless of what operating system they may try to access those files through), Windows, and possibly the network (if it's mainly running Windows).
However, the person who possesses the key is the only person who can actually unlock/decrypt everything, given how things have been implemented. They've taken matters a step further and basically ask for what amounts to a ransom (i.e. pay them X amount of money for them to unlock/decrypt the data so you can get access back to it, or it remains in the current state until you do). That's why this has been nicknamed "ransomware".
Currently, this has been a fairly rare phenomenon and has largely been limited to Eastern Europe. However, the individual behind this has begun to target other parts of the world as well and just recently did this to a medical facility in Cuba.
Unfortunately, none of the anti-viral or security firms have been able to really do anything about either stopping this or fixing systems which are put into this state. Furthermore, adding to the problems is that he has become much more sophisticated in his encryption methods over the years and has made the malware much more complex than it had been in the past.
One of the major anti-viral and security companies managed to track down the person responsible and found him, after he attempted to sell them a tool which supposedly would help in decrypting the infected systems. That's the good news.
The bad news is that there is some question as to whether or not he will actually be held responsible for his actions, or even arrested or tried for them, given the current situation in the country he's from and is currently operating out of, and the problems that arose when the EU and countless countries wanted to extradite and try the group responsible for the notorious "Storm Worm", which has been on the loose and has been compared to the HIV of malware (in that any time the security groups or anti-malware companies think they've finally figured it out and are close to finding a way of either preventing it or "curing" infected systems, it changes so completely that they have to start over again).