
Genius or ingenious?


ghost's Avatar
0 0

When I came across this article I wasn't sure what to think!

It sounds like such a great idea, but is it for the wrong and selfish reasons that I think that?

Article:-

A new Trojan horse demands a $10.99 ransom payment to stop erasing files on the infected PC's hard drive, a security firm said Thursday.

According to U.K.-based Sophos, the Ransom.a Trojan freezes the computer, then puts up a message saying it will delete files every half hour until the user sends $10.99 via Western Union to a designated account.

In the message, the blackmailer claims that anti-virus software cannot retrieve the deleted files, that the traditional Ctrl-Alt-Del key combination won't unstick the computer, and that the "ransomware" runs each time Windows boots.

When the user presses Ctrl-Alt-Del, the malware pops up another message.

"Yeah, We don't die, We multiply! Ctrl+Alt+Del isn't quite working today, is it? I'm not the sharpest tool in the shed but Crtl+Alt+Del is everyone's S.O.S."

So-called "ransomware," malicious programs that threaten to destroy or lock up data, are still relatively rare, although this Trojan is the second in the last five weeks.

In mid-March, a different Trojan, called "Cryzip" and "Zippo.a," demanded $300 in return for a password that would free users' files from maliciously-made ZIP archives. Multiple security companies, however, quickly figured out the password.

Source: techweb.com/showArticle.jhtml?articleID=187000214&cid=Answers


ghost's Avatar
0 0

If you found out where the files are, wouldn't booting in Linux work? Then the problem's solved.


ghost's Avatar
0 0

Haha, wouldn't think they would go to the extent of getting caught by supplying details for cash if booting up a *nix would work.

I might try and code something like this for my school project.

I'd like to get one and see if I could beat it… although it's not worth the risk.


lukem_95's Avatar
Member
0 0

It's a great idea, lol. I love trojans. I think viruses and script kiddies need to be shot, but I have a lot of time for inventive trojan, worm or RAT scripters :D


ghost's Avatar
0 0

Ctrl+Alt+Delete isn't the only way to kill processes, I wonder if they protected against others…


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

mastergamer wrote: Ctrl+Alt+Delete isn't the only way to kill processes, I wonder if they protected against others…

Haha, that reminds me of simulated key presses, and when we were pissing about with the Windows API hahaha xD


ghost's Avatar
0 0

system_meltdown wrote: Haha, that reminds me of simulated key presses, and when we were pissing about with the Windows API hahaha xD

Haha, messing with the Windows API was great :D

I was thinking more along the lines of the sysinternals pslist and pskill programs


ghost's Avatar
0 0

Ransom Trojans? Is this a new idea? I remember seeing an interview with a French hacker on About.com or whatever it's called. They talked of it on there, although I'm not too sure as to when that article was released.

It is pretty clever though, I would be majorly annoyed if a trojan demanded money, especially US dollars.


ghost's Avatar
0 0

Wouldn't this be pretty easy to trace, as you have to deposit the money into an account that has a name on it? You would think that they would freeze the account that the money is being deposited in and bust you if you ever try to use the account, even if it is made under a phony name and address. If there is some way around this that I'm just being stupid and not seeing, I would be happy to hear a response.


ghost's Avatar
0 0

Some banks in other countries will NOT give information out, nor do they request much. Swiss bank accounts ;)


ghost's Avatar
0 0

If it is a Win32 platform virus, just use Ctrl+Shift+Esc to open Task Manager (or Start -> Run -> taskmgr). It is a good idea to try logging in to emergency mode (where only the applications important for running the system are running). If you find me any info about that virus, I can try to create a script to stop it ;-)


ghost's Avatar
0 0

Rofl, yeah, that might not work there. It has keypress, but it also kills the application as soon as it opens. When it sees tskmgr.exe (or whatever it's called), it'll exit the program and display the message. This isn't actually all THAT new, it was happening a while back. In fact, I got to see one on the inside. ;)

Nice piece of workmanship.


lukem_95's Avatar
Member
0 0

You got to see one from the inside? Please post src if you still possess it!

:D Lukem


ghost's Avatar
0 0

Alright, I'll talk to some people and see if they'll let me post the source publicly as of now.


lukem_95's Avatar
Member
0 0

^_^ Thanks


ghost's Avatar
0 0

Just use cmd to close it =P


ghost's Avatar
0 0

"According to U.K.-based Sophos, the Ransom.a Trojan freezes the computer"

Well, you won't be able to do that if it freezes the computer :p

"Yeah, We don't die, We multiply! Ctrl+Alt+Del isn't quite working today, is it? I'm not the sharpest tool in the shed but Crtl+Alt+Del is everyone's S.O.S."

Btw, the one I saw would replicate 3 times in different locations. Some polymorphic stuff somewhere, but I didn't quite understand all that seemingly gibberish code…


lukem_95's Avatar
Member
0 0

Lol, no news on whether you can post the src then? You could always PM me it :P :happy:


bl4ckc4t's Avatar
Banned
0 0

Actually, it WOULD be cool to see the source, although there's the problem of those that will modify it and then send it back out. IMO, if you post it, it's inviting SKs to play a game of 'IM A HAXXER AN U R MY VIKTIM!'

Think of it from my view. I know not many of us care about Windows, but we are still trying to rid the world of Script Kiddies.

-Bl4ckC4t


ghost's Avatar
0 0

Well said, blackcat! I have some links to great virii coding labs on the web with incredibly easy-to-understand tutorials and code, which is mostly written in either C or Assm.