Regular readers of this site are aware that virtually all downloads I recommend are hosted on CNET’s site (download.com). There is good reason for this – CNET scrupulously audits hosted downloads to ensure they are not contaminated by malware.
The same cannot be said for many other download sites. As a result, downloading can be extremely risky, especially for unaware users.
Ransomware is a particularly vicious form of malware which often piggybacks on what appears to be legitimate software. In most instances ransomware encrypts the victim’s files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.
Security researchers at CA, one of the world’s largest IT management software providers, have discovered a new piece of ransomware that blocks an infected computer from connecting to the Internet. On payment of a fee (to be paid by SMS), the victim’s machine will be unlocked.
This new piece of ransomware uses the uFast Download Manager application download as an entry point to infect victims’ computers. Following installation, the victim is presented with the following screen:
(Graphic courtesy of CA)
The following is a rough English translation:
Internet access is blocked due to violation of the license agreement schedules of uFast Download Manager
You must activate your copy
Get a registration code by sending an SMS with the following code fw0004199 to number 7122
In response you will receive an activation message.
Enter the activation message received from the SMS response ________
Don’t relax your guard simply because this malware seems to be currently focused on Russia. This type of attack knows no borders. Ransomware attacks seem to be escalating.
If you should become infected by this Trojan, your best course of action, assuming your installed malware scanners cannot remove the infection, is to take advantage of the multiple online scanners offered by the major anti-malware software developers.
For a review and list of online malware scanners please read “Free Online Spyware/Virus Scanners – Multiply Your Protection”, on this site.
Note: Download managers are one of the most popular applications offered for download on the Internet, as the following graphic of a Google search indicates – 24,600,000 returned links.
The browser security application WOT indicates that, on this page, half of these links are unsafe or require caution.
Regular readers are familiar with the following security precautions – but they bear repeating.
Make regular backups of critical data. If you are infected, this may be your only solution.
Don’t store critical data on the system partition
Don’t open unknown email attachments
Download ONLY from well-established sites, or sites that are known to you
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable scripting features in email programs
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure your anti-virus software scans all e-mail attachments
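Three of the precautions above (visible file extensions, an active firewall, and file and printer sharing turned off) can be checked from a PowerShell prompt on Windows. The following read-only script is an added example, not part of the original article or of CA's research; the function names are made up for this illustration, and it assumes an English-language Windows install with the built-in NetSecurity cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added example: read-only audit of three precautions from the list above.
# It reads settings only and changes nothing.

function Test-ExtensionsVisible {
    # Explorer hides known extensions unless HideFileExt is 0, which lets a
    # file such as "invoice.pdf.exe" be displayed as "invoice.pdf".
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $entry = Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue
    return ($null -ne $entry -and $entry.HideFileExt -eq 0)
}

function Get-DisabledFirewallProfiles {
    # Names of the firewall profiles (Domain, Private, Public) that are off.
    Get-NetFirewallProfile |
        Where-Object { "$($_.Enabled)" -ne 'True' } |
        Select-Object -ExpandProperty Name
}

function Get-OpenSharingRules {
    # Enabled inbound "allow" rules in the File and Printer Sharing group.
    # Assumption: English display group name; it differs on other locales.
    Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object {
            "$($_.Enabled)"   -eq 'True'    -and
            "$($_.Direction)" -eq 'Inbound' -and
            "$($_.Action)"    -eq 'Allow'
        }
}

$report = [ordered]@{
    'File extensions visible'          = Test-ExtensionsVisible
    'Firewall on for every profile'    = @(Get-DisabledFirewallProfiles).Count -eq 0
    'File and printer sharing closed'  = @(Get-OpenSharingRules).Count -eq 0
}

foreach ($item in $report.GetEnumerator()) {
    $status = if ($item.Value) { 'OK' } else { 'REVIEW' }
    '{0,-34} {1}' -f $item.Key, $status
}
```

Any line marked REVIEW points at a setting that differs from the corresponding precaution in the list.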
Hi Bill,
Absolutely great advice. One thing I ALWAYS do, even after downloading from CNET, is I scan downloads manually before I even run the application with two or more of my security apps. It might be paranoid, but better to be safe than sorry.
Hey Mal,
Welcome to the “Great Society of Paranoid Internet Surfers”. Now there are 2 members – you and I. LOL!
Your advice on scanning downloads, regardless of origin, with 2 or more security applications, is spot on. Users get victimized generally because they behave like victims.
Bill
Very useful info, thanks for alerting us to these risks on download sites, I wasn’t aware for one.
You’re welcome Karen. Thanks for visiting.
Bill
Cheers Bill,
2 members, wow lol. Paranoia is good, in all my years on the internet, I have never had a major infection (and neither has my computer lol).
Personally, I don’t use download managers, they are just too risky. Chrome’s built in one is good enough for me.
Hey Mal,
Thanks for the laugh – can’t say I’ve never had an infection, although most of them were deliberate (testing purposes).
BTW, I agree – the benefit of download managers is questionable at best, and as you say “they are just too risky”.
Bill
Great advice, I have an iMac but follow your lead and use WOT and other add-ons in Firefox such as NoScript. Turned on my firewall to block all sharing and non-essential traffic. I also took your advice and renewed my subscription for Vipre on my wife’s computer. Keep up the good work, love your site. Jim {:-)
Thanks for the kind words, Jim – much appreciated. You’re right, file sharing, unless absolutely necessary, is a no-no. Unfortunately, Windows, by default, allows file sharing.
Glad to hear you renewed Vipre; it’s a great antimalware application.
Bill