RANSOMWARE: A NEW VARIATION ON SCAREWARE

Categorized | Uncategorized

RANSOMWARE: A NEW VARIATION ON SCAREWARE

Posted on 05 November 2009 by SECN.

Greg Johnston, tech columnist

Wednesday, news broke of a Dutch teen who successfully hacked “jailbroken” iPhones (phones hacked by their users to allow them to operate free of the usual ties to Apple and it’s designated telecom carrier in a given country) on a Dutch telecom service. A ransom was demanded to allow the user to secure their phone properly. The teen sent the phone’s owners an email asking the owner make a Euro4.95 payment to the teen’s PayPal account, so that the phone would be unlocked, and the user would receive instructions on how to change settings to prevent the vulnerability the teen exploited. The teen could potentially have sent texts, recorded calls, or even made calls or pretty much anything else on any of the hacked iPhones.

That this attack affected smartphones, rather than PC’s, and Apple’s popular iPhone in particular, made this noteworthy, as did the fact that a lone teen almost pulled off a major scam. It’s not 2001 anymore, and most viruses and hacking activities are perpetrated by organized criminals based in eastern Europe, Russia, and parts of southeast Asia, and they are not pulling pranks, they are stealing data, banking, personal, and credit information, or capturing computers to launch further attacks and spam.

Also significant is that this represents the latest in cybercrime activities, which is being called “ransomware.”

I have previously written in SE Calgary News about scareware – fake security software that often features a scary and official-sounding pop-up window appearing on your computer screen while web browsing, masquerading as a notice of a security problem or that the computer is not running properly. Scareware dishonestly attempts to get computer users to install antivirus, registry cleaners, or other software that, if it does anything, only fixes a problem created by the software’s creators themselves, and often does nothing but bilk buyers of their money and payment information, possibly for further fraudulent use.

Ransomware takes this one step further, much like the Dutch teen was able to do with the jailbroken iPhones – the attacker (or rather, the automated virus or Trojan they created) uses encryption software to encrypt a user’s hard drive contents, making them inaccessible, and then demands a payment to receive software that decrypts it. This is a relatively new trend, but it has been gaining momentum over the last year.

Computer security vendor and researcher CA Security reported a new ransomware variant (“Lorobot”) last week in this vein – on an infected Windows computer, user files created by many of the most popular programs are encrypted, making them inaccessible to the to user, and the desktop background is set to a message explaining that in order to have the files decrypted, a $100 payment has to be made.

So, yet another cybercrime/hacking story. What’s the takeaway for you as a reader from more bad computer news? It is simply this: it is truly important to be wary and cautious concerning your computer and your online activities. Certainly, do not click on or accept any offers for security software or “PC tune-up” offers that pop up in web surfing.

Regardless of the operating system you use – Windows, Mac OS X, or Linux, your everyday account should not be an administrator account. In the case of Mac, Linux, and Windows Vista or 7, there’s really no excuse for doing daily work as an administrator, it simply exposes you to added vulnerability, because if your account is compromised by a virus or Trojan, the hacker will inherit the same level of access as you have – which is to say, everything.

In Windows XP, still the most popular operating system out there despite being introduced eight years ago, and now being two generations behind the current Windows7, operating as a Limited User is not as straightforward, as many popular XP programs demand admin privileges to run – for example, pre-2007 Intuit products (Quickbooks, Quicktax, etc). Children should not have admin accounts, period – even tech-savvy teens often lack the wariness and skepticism to avoid sketchy software offers and bad online habits.

However, as all users should, regardless of their OS again, use a strong account password on all the accounts on the computer. A strong password is at least 6 characters, with at least 3-out-of-4 of the following: capitals, lowercase, numbers, and symbols.

Account settings in Windows are accessed via Control Panels from the Start menu, then User Accounts. In Mac OS X, the System Preferences app, by default a shortcut in the Dock, as well as under the apple menu, has an Accounts module.

Finally, I’ve said it before, but good antivirus/security software is a must have – simply avoiding “questionable” websites isn’t enough – or really possible. AVG Free or Avira AntiVir Free are both available at no cost for home users and provide quality basic antivirus protection.

For broader-based security, the paid versions of AVG or Avira are good choices, but my nod goes to Norton Internet Security 2009 or 360, ESET Smart Security, or Kaspersky Internet Security, all of which are top-rated performers both in terms of protection, speed, and minimizing performance impact on your computer. In the case of the Norton products, that may come as a surprise, as for years they have been known for being bloated, buggy, and slow, but they have been completely rewritten, and it shows.

Remember, play safe, and keep your stick on the ice.

Greg Johnston
greg@infotrek.ca
www.infotrek.ca