How ransomware can infect your computer

Discussion in 'malware problems & news' started by Krysis, Jan 10, 2013.

Thread Status:
Not open for further replies.
  1. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    366
    Location:
    DownUnder
    For those wishing to know how ransomware may 'infect' your computer - this example from Computerworld may be of interest.

    ''Last week, my company was paid a visit by some interesting malware. This time, it was ransomware: malicious software that disguises itself as "security software" but actually holds the system hostage to trick the user into paying money to the software's handlers''

    ''we were able to determine that the infection came from a Web advertisement on the front page of a major news service. The website for the news service was fine, but it links to a series of rotating ads, one of which was compromised. When the compromised ad appears on the news service's Web page, it infects the unlucky browser using JavaScript code -- a drive-by download of malware that doesn't require the user to do anything. No need to click "yes" or "continue" to any prompts -- the JavaScript code executes automatically as soon as the ad appears''

    http://www.computerworld.com/s/article/9233254/Security_Manager_s_Journal_New_ransomware_attack_hurts_trustworthiness_of_Web?taxonomyId=85
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Interesting read, I am glad that I use adblock... But this line makes me wonder:

    Did they actually ignore the alerts from their intrusion-detection and behavioral monitoring software?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Sandboxie does a pretty good job of stopping this kind of malware.

    Pete
     
  4. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    366
    Location:
    DownUnder
    Would simply disabling JavaScript in one's browser have stopped this particular ransomware?
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    JavaScript, whitelisting domains (whatever method one prefers). Nothing complicated, just unaware users as usual. :argh:

    -edit-

    Blocking ads would have worked nice as well.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    I fail to see the novelty of what's afoot here.
    Mrk
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,254
    The author of the article clearly shows his limited knowledge of dealing with malware when he says the only way to get rid of the threat was to reimage the infected computers.
    Sure, I know that in some cases restoring from an image is quicker and easier than actually removing a threat, but to suggest that the threat could only be removed by doing a reimage is ridiculous.
     
  8. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    183
    Location:
    Chesapeake, VA USA
    roger_m, he didn't say the only way to get rid of the malware was to reimage, but in a business environment where time is money it is not cost effective to try and "fix" the computer with traditional methods. A reimage takes no time at all and ensures the PC is clean.

    :)
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,254
    He did say just that.

    No argument from me there.
     
  10. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,285
    The same applies to a home or personal environment. Leaving trivial cases apart, it is always better to reimage. But, of course, a reimage does take time ...
     
  11. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    20 min on my set up :)
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,254
    I need to delete some files - takes me hours.

    I have never restored from an image to clean malware. I do see the point in doing so, however in my case it is quicker to remove the malware, and when I clean malware for others they never have an image of their system.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    It's the paradox - those who image, know their business, they never get infected, and hence they never need to restore due to malware. You end up having a setup that's much like nuclear weapons - a deterrent rather than something you would use. I think images are more useful against legit software doing boo-boos rather than malware.
    Mrk
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    You've hit the proverbial nail on the head :thumb: :D

    I'd say equally as useful against either, but I re-image due to the former rather than the latter.
     
  15. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Yes, and also against failing hard-drives...
     
  16. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    These kinds of drive-by downloads should be stopped in W8 by default with the help of Windows SmartScreen

    And a necessity to have adblocker installed in browsers :)
     
    Last edited: Jan 14, 2013
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    Yep, agreed on that.....
     