Cautionary Tale: Computer Hijacking, Extortion, and Sh*tware, Part 2

This is a follow-up to my computer post the other day. I received an email from fellow Moron "TheCoat" that was wonderfully informative, and I asked him if I could share it. He said okay, but he was worried about the curse words. I told him to think about that for a second: not a problem.

So yea, for many years now the most annoying malware has been software that masquerades as anti-virus/anti-malware software.

There are three general types of malware:

1.) Advertisement malware, which generally seeks to hijack your web browser. Basically it tends to load webpages you go to through their website, adding advertisements to each webpage you load. The key initial indicator that you’ve contracted something is when your browser homepage suddenly changes on you. To make matters worse they generally send you adds from less than reputable add services. Many sites use something like google adds, they put a google applet on their website that loads up adds out of a database when a visitor hits the site, and they get a small bit of revenue for each hit. Malware like this loads adds from someone else hence the creator/distributors financial incentive to do this. They endeavor to get their crap on as many systems as possible to cash in on advertisements, but these come from sources that are less than secure in who creates adds for them, and the content of said adds. Often times this means that the adds that get loaded have embedded exploit attempts, to load… you guessed it even more of this add crap. These exploits and pieces of software tend to be created by really shitty programmers, which means not only are they malicious but they tend to be buggy and do things that you shouldn’t be doing to a system in an attempt to hide themselves.

2.) What you seem to have gotten. Fake malware/spyware/virus protection and removal. These tend to be easier to track down and source simply because they give you a website to go buy their product, and often times their other product is what’s screwing up your system. The quickest way to tell you’ve gotten this tends to be a popup for security software you never loaded. Often times in an effort to hide it’s self from simple removal, and to change your system and cause problems, even if you do pay them they don’t get your system restored to the right state, because their programing is again done by crappy coders who don’t care.

3.) The latest is the cryptolocker series. What this little bag of hell does is scan your drives looking for any document types and then encrypts them. When it’s done it gives you instructions on how to go to their website pay them money and they’ll give you the key to unencrypt your files. Unlike the prior two, these are reputable scoundrels. If you pay them they will indeed give you the key and you can fully recover, however this funds them to keep spreading their ransomeware. I honestly think this one is based in an organized criminal racket. They make no bones about the fact that they are the ones screwing you over… but if you pay them they want to make good because that encourages others to do so.

I’m a developer for a software company, and we tend to see quite a bit of this stuff when we get calls about something with our software not working. Our support gets hooked up only to find that our software is having problems because they have infections of this nature messing things up. Although it’s technically not our problem we often times help people get this crap cleaned up, however in some cases the infections are so bad we have them call in someone local simply because to clean it up you either have to reload the system or do the clean ups outside the operating system, making it impossible for us to clean it up remotely. Sometimes people just get infected due to bad luck, more often we see repeated infections at the same clients… usually because they allow their employees to go to social and gaming sites at work, or whatever else they feel like. In one instance I got a maintenance guy fired because I tracked down the source of their infections and was able to piece together enough info to show them that the porn sites their computer was visiting late at night were the source of infection… this in an accounting office. They setup a sting and caught the guy sneaking in and surfing porn while he was supposed to be working.

Some of the things I’ve seen in the past few years make me think I really specialized in the wrong area. I’m no novice when it comes to computer and network security. I run my own firewalls and intrusion detection systems at home and do penetration testing on my home as well as our corporate network, and yet these last few years I’ve done more security related stuff to my home network out of fear than out of general playing around. Many years ago in the age of dialup I ran a full computer based firewall and dialup server for my home network… because I could 8). Now I run things like an intrusion detection system on the edge of my network because I feel I need the security. There has been a ton of security gains made since the early days of the internet revolution, however this has just made the crooks get smarter and more insidious. What bothers me is if I had steered less toward business software development and more toward network security which I pursued as more of a hobby I’d be in a better position to do what I really get a kick out of doing, and that is taking the fight to these assholes, not just cleaning up their messes. Eh it’s probably a good thing though, as much of what I’d like to do to them and their criminal enterprises would probably be legally grey at best even if it’s unquestionably morally white.

No, everyone hates computer pirates. Anything short of taking a Ghurka kukri knife to them is fine with me.

Thanks, "TheCoat," and thanks again to all others who helped.

posted by rdbrewer at 06:21 PM

| Access Comments