TELECOM Digest OnLine - Sorted: Re: Virus Infection Holds Computer Files Hostage


Re: Virus Infection Holds Computer Files Hostage


Robert Bonomi (bonomi@host122.r-bonomi.com)
Wed, 25 May 2005 07:04:46 -0000

In article <telecom24.230.2@telecom-digest.org>, Lisa Minter
<lisa_minter2001@yahoo.com> wrote:

> Web Infection Holds Computer Files Hostage
> By TED BRIDIS, AP Technology Writer 11 minutes ago

> Computer users already anxious about viruses and identity theft have
> new reason to worry: Hackers have found a way to lock up the
> electronic documents on your computer and then demand $200 over the
> Internet to get them back.

> Security researchers at San Diego-based Websense Inc. uncovered the
> unusual extortion plot when a corporate customer they would not
> identify fell victim to the infection, which encrypted files that
> included documents, photographs and spreadsheets.

> A ransom note left behind included an e-mail address, and the attacker
> using the address later demanded $200 for the digital keys to unlock
> the files.

> "This is equivalent to someone coming into your home, putting your
> valuables in a safe and not telling you the combination," said Oliver
> Friedrichs, a security manager for Symantec Corp.

> The FBI said the scheme, which appears isolated, was unlike other
> Internet extortion crimes. Leading security and antivirus firms this
> week were updating protective software for companies and consumers to
> guard against this type of attack, which experts dubbed "ransom-ware."

> "This seems fully malicious," said Joe Stewart, a researcher at
> Chicago-based Lurhq Corp. who studied the attack software. Stewart
> managed to unlock the infected computer files without paying the
> extortion, but he worries that improved versions might be more
> difficult to overcome. Internet attacks commonly become more effective
> as they evolve over time as hackers learn to avoid the mistakes of
> earlier infections.

> "You would have to pay the guy, or law enforcement would have to get
> his key to unencrypt the files," Stewart said.

> The latest danger adds to the risks facing beleaguered Internet users,
> who must increasingly deal with categories of threats that include
> spyware, viruses, worms, phishing e-mail fraud and denial of service
> attacks.

> In the recent case, computer users could be infected by viewing a
> vandalized Web site with vulnerable Internet browser software. The
> infection locked up at least 15 types of data files and left behind a
> note with instructions to send e-mail to a particular address to
> purchase unlocking keys. In an e-mail reply, the hacker demanded $200
> be wired to an Internet banking account. "I send programm to your
> email," the hacker wrote.

> There was no reply to e-mails sent to that address Monday by The
> Associated Press.

> FBI spokesman Paul Bresson said more familiar Internet extortion
> schemes involve hackers demanding tens of thousands of dollars and
> threatening to attack commercial Web sites, interfering with sales or
> stealing customer data.

> Experts said there were no widespread reports the new threat was
> spreading, and the Web site was already shut down where the infection
> originally spread. They also said the hacker's demand for payment
> might be his weakness, since bank transactions can be traced easily.

> "The problem is getting away with it - you've got to send the money
> somewhere," Stewart said. "If it involves some sort of monetary
> transaction, it's far easier to trace than an e-mail account."

> Details: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=194

> Copyright 2005 The Associated Press.

> NOTE: For more telecom/internet/networking/computer news from the
> daily media, check out our feature 'Telecom Digest Extra' each day at
> http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
> articles daily.

> [TELECOM Digest Editor's Note: But, as some of our Bright young
> readers would explain, "on internet there is no consensus on what
> is, and is not malicious."

Oh my, I see I've been "promoted" to a "bright young reader", by the
esteemed moderator. I'm not exactly young, but he gets credit for
getting things 50% right. <grin>

I will point out, yet again, that that remark was in regards to a
proposal for a law that banned quote malicious activity unquote on the
Internet. The point was that that term is too broad and too
vague to be _legally_ _enforceable_. To get a law that would pass
judicial review, one would have to specify the _particular_kinds_ of
acts that are to be proscribed.

Note: *all* computer viruses, 'zombie' infectors, etc., most 'spyware',
and virtually all the 'browser hijacker' type stuff are
*ALREADY*ILLEGAL* in the United States, under 18 USC 1030.
Available on-line at: http://www.law.cornell.edu/uscode/18/1030.html

*But* the enforcement of that law is lax-to-nonexistent.

A "new law" won't do diddly-squat about the problem without active
enforcement.

And, if you _have_ active enforcement, you _don't_need_ any new laws.

Recommended reading: The FTC's "Report to Congress" on the
practicality (or lack thereof) of a national "Do Not E-mail" registry,
similar to the Do Not Call registry. Available on-line at:
<http://www.ftc.gov/reports/dneregistry/report.pdf>

While I disagree with a number of their conclusions regarding the
viability of a Do Not Email registry -- there _are_ ways to do it that
address the drawbacks they identify -- the really _interesting_ meat
in the report has to do with the difficulty of prosecution of
violators of existing law. See "C. Obstacles to Enforcement" starting
on Page 23 of the report.

In 2003, Earthlink got over 45 million pieces of spam to the 'honeypot'
addresses they run. They were able to link about 5% of those messages
to an identifiable source. Barely 1/3 of the identifications were good
enough that they could send a cease-and-desist warning letter.

That is what *over* _twelve_thousand_ man-hours of effort 'bought'.
Call it half-a-million dollars worth of effort.

Another ISP reports over ONE THOUSAND man-hours expended in _preparing_
a lawsuit against *one* spammer.

Government prosecutions from the States of WA and VA show similarly high
costs:

"A prosecutor in Washington State spent four months and
sent out 14 pre-suit civil investigative demands (CIDs)
just to identify the spammer in one lawsuit. Likewise,
in another case, it took the Virginia Attorney General,
over the course of four months, multiple subpoenas to
domain registrars, credit card companies, and Internet
providers, and the execution of a search warrant, before
having enough information to file a case against a
spammer."

> Or as another reader would explain, "there
> is no such thing as an internet; just a collection of sites, and
> we cannot tell another site how to operate."

What they do on _their_ own private property *IS* their prerogative.

Their 'right' to do so does not extend to coming onto _my_ private
property to do it.

> And the Bright young
> reader concurs, "nor does anyone on the net want things any
> different". PAT]

Show the 'bright young reader' that people are demanding that
restrictions be put on _their_own_ activities -- as distinct from
demands that limits be imposed on the actions of 'other people' -- and
he will willingly change that to 'practically anyone'.

The situation is exactly like that with various kinds of 'morals' laws
-- try to find _anyone_ who supports an anti-prostitution statute on
the basis that "it will discourage _me_ from hiring prostitutes".

In many areas of the country, "pan-handling", and/or other forms of
"spare change?" solicitation, on the streets is disallowed by law.
Should equivalent pleas be allowed on the Internet, or not?
