Anti-Extortion 101

I read a story today called “Give me your money, or your computer gets it” at http://redtape.msnbc.com/2010/01/turning-hijacked-computers-into-cash-is-still-hard-work-for-most-computer-criminals-theyve-got-to-trick-the-infected-pc-into.html. While the story does offer some practical advice, it misses some critical points and gets one thing a bit wrong.

The story actually talks about a couple of different “ransom” attacks. There is the case where your data is encrypted and you are told you must pay to get it back. Then there is rogue security software that may nag you or even refuse to let you use your computer until you pay. In all cases, as the author points out, it is a bad idea to pay.

So, here is a list of things to do to prevent yourself from becoming a victim.

Patch everything
Backup your data
Use quality security software
Don’t believe your computer is being scanned
Learn to use Task Manager
Consider SandboxIE or Defense Wall

Patch everything.
It doesn’t matter if you use Windows, a Mac, Linux, or another operating system: you need to keep your entire system patched, and that means a lot more than the operating system. Patching your OS should be easy, but do you keep track of all of your other software? Real Player, iTunes, QuickTime, instant messaging programs, Adobe (Reader, Acrobat, Flash, Shockwave, Air and more), and all of your other programs? These are prime targets for drive-by downloads, where you get infected just by viewing a web page. Home users can run a free vulnerability scanner from www.secunia.com. I recommend you do this and update any programs on your computer that it reports as being in need of an update.

Backup your data.
Hard drive crashes, software bugs, and inadvertent deletion of files can be just as damaging as data being held for ransom, but if you have good backups of the data then you don’t have much to worry about.

Use quality security software.
You need to do a little research before you invest in a firewall, antivirus, and other security software. Know what you are getting. One reader of the article likened Symantec to a criminal because he would have to pay more money to fix the problem. Symantec is not a criminal, but you need to know what you are buying. When you purchase ESET products there is no charge for support. There is more to this, though: when you get a popup saying you need product xyz to fix your problem, it is fake security software, and you’d know it if you had done your research. Check for certification by organizations such as West Coast Labs (http://www.westcoastlabs.org/) and ICSA Labs (http://www.icsalabs.com/).

Don’t believe your computer is being scanned.
If you land on a web page and it appears to start scanning your computer, it isn’t really scanning; it is only playing a video. But if you click on the popup, you run a major risk of infection. The unauthorized “scan” is your first sign that it is time to close your browser. A reboot probably won’t hurt either. If you don’t know the company making the scanner, then don’t run it, install it, or buy it.

Learn to use Task Manager.
Sometimes the rogue security software makes it very difficult to close the browser window. No matter what you click, you can’t seem to stop the harassment or close the window. This is when you go to Task Manager and close the browser (assuming you are running Windows). Pressing CTRL+SHIFT+ESC brings up Task Manager, and from the “Applications” tab you can end Internet Explorer, Firefox, or whatever browser you are using.
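For readers who would rather script the same “End Task” step, here is an added PowerShell example (not from the original post). It first asks the browser to close its main window, waits briefly, and only then terminates whatever is still running, which is what Task Manager does behind the scenes. The process names are assumptions for the browsers named above; add your own browser’s process name if it differs.

```powershell
# Added example, not part of the original post: close a browser window that a
# rogue "scanner" page will not let you close, the way Task Manager's End Task does.
# Process names below are assumptions for the browsers mentioned in the post.
$browserNames = @('iexplore', 'firefox', 'chrome')

function Close-HijackedBrowser {
    param(
        [string[]]$Names = $browserNames,
        [int]$GraceSeconds = 5
    )

    $procs = Get-Process -Name $Names -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Host 'No matching browser processes found.'
        return
    }

    # Step 1: the polite request, equivalent to clicking the window's close button.
    foreach ($p in $procs) {
        if ($p.MainWindowHandle -ne 0) { [void]$p.CloseMainWindow() }
    }

    # Step 2: give the browser a few seconds to exit on its own.
    $procs | Wait-Process -Timeout $GraceSeconds -ErrorAction SilentlyContinue

    # Step 3: anything still alive is terminated, like "End Task" in Task Manager.
    $left = Get-Process -Name $Names -ErrorAction SilentlyContinue
    if ($left) {
        $left | Stop-Process -Force
        $closed = ($left | Select-Object -ExpandProperty Name -Unique) -join ', '
        Write-Host "Force-closed: $closed"
    } else {
        Write-Host 'Browser closed cleanly.'
    }
}

Close-HijackedBrowser
```

Run it from a PowerShell window that you opened yourself, not from anything the suspicious page offered; the point is to get out of the browser without clicking on the popup at all.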

Consider SandboxIE or Defense Wall.
As an added measure of defense I use a program called SandboxIE (www.sandboxie.com), and I use it with Firefox and Google Chrome as well as with Internet Explorer. I even use a virtual machine to run Windows XP 32-bit just so I can sandbox the browser, since SandboxIE won’t work with my 64-bit Windows 7. SandboxIE helps protect the operating system, so if something like ransomware or rogue antivirus gets in, it is not able to attack the real files and is easily removed in virtually all cases. There is a product from Softsphere Technologies called “Defense Wall”; although I have not personally used it, from conversations with the developer and other sources I trust, it adds a valuable layer of protection.

Finally, don’t believe the clueless. One comment on the story said “get a Mac, problem solved”. There has been an increase in attacks against the Mac, and they use most of the same techniques we see being employed against Windows users. The main difference is that Macs are far less attacked today. The problem is reduced, but not solved. Another poster said you only get these bad programs from porn sites. This is about as ignorant as it gets. The bad guys are attacking everywhere they can.

You really can protect yourself and be a lot safer by following these tips.

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • ESET Lover.

    Why does ESET not put a HIPS in its products?

    • Randy Abrams

      HIPS is a very broadly used term. At some level ESET does provide HIPS, but not what I would call a comprehensive HIPS solution. Why we don’t offer something like SandboxIE or DefenseWall is a decision of the owners. At some point you choose to specialize or generalize. Perhaps at a future point other security offerings will become a part of our portfolio, but for now a dedicated HIPS product isn’t something we offer.

  • TetraNitro

    Just a side-note: Tzuk has released a beta version of SandBoxie that runs on 64-Bit systems!

    • Randy Abrams

      Thanks for the info!!! I’ve been using a VM to run XP under Win 7 so I could continue to use SandboxIE :)

29 Jan 2010