Tag Archives: extortion

Internet Dating And Extortion – Real Life Mirrors Fiction

This past week, I reread The Brethren, a novel by American author John Grisham, first published in 2000. The plot centers on a scam in which three incarcerated judges, collectively posing as a young gay man, blackmail wealthy closeted gay men who unwittingly provide them, through letters, with all the information needed to make the blackmail scam a winner.

In case you want to read the book (I highly recommend it – Grisham is a terrific novelist), I won’t spoil it for you by revealing additional story elements, but suffice it to say, that the naiveté of the victims in providing highly personal information, drives the plot forward.

But this is just fiction, a made-up story. In "real" life this type of situation, or something similar to it, just wouldn't happen, right? Ah, but it does, as illustrated in the following news report from a recent edition of the Toronto Star newspaper.

Where the novel's characters rely on snail mail, the Internet is the weapon of choice in the following scam, as you'll see.

Police say a number of men looking for love on the Internet found extortion instead.

Halton Regional Police allege a man joined a number of adult dating service websites posing as a woman and prospective date for male subscribers. The interested men were then persuaded to provide personal information about themselves.

Police say the information provided by the unsuspecting victims in emails, chats, texts and voice mail messages then formed the basis for extortion. There were threats to publish the information on social networking sites or send it directly to family, friends, or employers unless monetary demands were met.

Kevin Fletcher, 43, of Burlington, Ont., faces eight counts of extortion and one of criminal harassment.

The Internet and its associated tools, including those mentioned in the newspaper report (emails, chats, texts and voice mail messages), seem to have switched off the victims' judgement. Normal personal security precautions appear to have been thrown out the window, including common sense, assuming they had any common sense to begin with!

I have no doubt, that the victims in this case would have benefited from reading Internet Security: There’s an App for That – Your BRAIN!, posted here earlier this year.

There’s a lesson in this sad story – establishing a personal relationship through Internet dating, despite the success stories touted in numerous television commercials, is not without risk. And, should be approached with the same sense of caution and awareness, that one would use in any Internet transaction.


That old truism – “Nobody knows you’re a Dog on the Internet” – takes on special significance when it comes to online dating.

A sampling of common sense Internet dating safety tips from the Wired Safety Website.

Do not believe everything you read online

You can be anything or anyone you want to be online. I keep trying to get people to believe that I am tall, blonde and gorgeous! (So far, no takers…). That cute brunette 24-year-old guy may not be cute, may not be 24 and, most importantly, may not be a guy. There is no truth-in-advertising protection when you date online.

Do not give out personal information online

Personal information that would let someone find you offline should never be shared online. Your full name, where you work, where you live, your phone number (see my note on giving out your phone number), your fax number… these should not be shared online.

Use an online dating service that uses an anonymizer or re-mailer to mask your real e-mail, or set up a Hotmail or other free account just for dating online. Cyber romance can quickly turn to cyberstalking – it is better to be able to terminate that particular account than to have to set up a new main account, and notify everyone you know.

To read the full list of Internet dating safety tips, visit Wired Safety.org.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under cybercrime, Don't Get Scammed, email scams, Internet Dating Safety Tips, Internet Safety, internet scams, Online Safety, Windows Tips and Tools

Ransomware in Your Browser

Ransomware, a vicious form of malware, is nothing new. It has been around in one form or another since the late 1980s.

Once installed on a victim’s computer, the Trojan will generally encrypt the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

The ever-creative cyber criminal community has now gone one better, with the release of Trojan.Ransompage. This piece of malware is designed to hijack the victim's Internet browser, including Internet Explorer, Firefox and Opera.

Note: The latest update of Firefox is apparently unaffected. Another good reason to update.

According to Symantec, Trojan.Ransompage “uses scare or nuisance tactics – similar to rogue antivirus programs, in an attempt to demand ransom from its victims. Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits”.


Roughly translated from Russian, the ransom demand reads in part:

To remove the informer, send SMS message with text [5-digit number] to number [4-digit number].
Enter the code, received in response, MC

Affected Systems: Windows 95, 98, NT, 2000, XP, Vista, Server 2003

System Impact:

Deletes Files: Deletes Web Browser files.

Modifies Files: Modifies Web Browser files.

Releases Confidential Info: May send confidential information to a remote location.

Degrades Performance: Displayed image may degrade Web Browser performance.

Action you can take if infected:

According to Symantec, “the ransomware is designed to expire in 30 days, so anyone who falls victim to the infection can remove it simply by setting their system clock forward one month”. Treat that as a way to silence the ad, not as a clean-up: the same advisory lists modified browser files and possible transmission of confidential information, so follow up with a full scan using up-to-date anti-malware software, and set the clock back once the nuisance is gone.

Common sense security precautions:

  • Make regular backups of critical data; if you are infected, this may be your only solution
  • Don't store critical data on the system partition
  • Don't open unknown email attachments
  • Don't run programs of unknown origin
  • Disable hidden filename extensions (in Windows Explorer, turn off "Hide extensions for known file types", so that a "document.pdf.exe" is shown for what it is)
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable scripting features in email programs
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus/anti-spyware software and ensure it is configured to update automatically when you are connected to the Internet
  • Ensure your anti-virus software scans all email attachments

The authorities need to kick some ass here, and determine who owns the contact phone number and close it down. How hard is that?


Filed under Browsers, Don't Get Scammed, Don't Get Hacked, Firefox, Interconnectivity, Internet Explorer, internet scams, Internet Security Alerts, Malware Advisories, Ransomware, Rogue Software, scareware, Symantec, System Security, trojans, Windows Tips and Tools

Show Me the Money – I'll Show You Your Files (Ransomware is Back)!

Have you ever considered that your computer files could be a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it!

Ransomware is a vicious form of malware, given that it encrypts the victim's files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.

Once again ransomware is on the loose; but a little bit different in this iteration. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.

PandaLabs recently discovered a new form of ransomware, Trj/SMSlock.A, which reportedly locks the victim's entire computer, leaving the machine essentially unusable. In line with previous versions of this type of malware, a ransom, in this case in the form of a premium-rate SMS, is demanded to restore the victim's access to the infected machine.

While the original message on an infected computer is in Russian, the following English translation has been provided by Panda.

To unlock you need to send an SMS with the text

4121800286

to the number

3649

Enter the resulting code:

Any attempt to reinstall the system may lead to loss of important information and computer damage.


Infection methods: Floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Affected systems: Windows 2003/XP/2000/NT/ME/98/95/3.X

We should not relax our guard on this simply because this malware is currently affecting only Russian users. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

In the event that you become infected by this piece of nasty work, check out Dr.Web, where you can obtain a generator for deactivation codes. Such a generator can exist only because the locker checks the entered code itself, against a value it derives locally from what it displays; nothing in that check involves the criminal, so once the derivation is known the premium SMS is simply unnecessary.
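As an added illustration of why such generators exist (example code written for this page, not Panda's, Dr.Web's or the malware's own; the actual Trj/SMSlock.A derivation is not on the page and is not what is modelled here), the following Python models a screen locker in which the unlock code is computed and checked entirely on the victim's machine. The embedded secret, the HMAC-based derivation and the six-digit code length are assumptions made for the model; the SMS text and short code are the ones quoted in the translation above. The same design point applies to the SMS demand made by Trojan.Ransompage in the previous post.

```python
"""Model of an SMS screen locker whose unlock code is checked locally.

Constructed example: the derivation below is a stand-in, not the real
Trj/SMSlock.A algorithm. It demonstrates one thing: when the locker decides
for itself whether a code is right, the rule it applies is inside the locker,
so anyone who recovers that rule can unlock every victim without sending an SMS.
"""
import hashlib
import hmac

# Constructed stand-in for whatever constant the locker carries. In a real
# sample this is recovered by reverse engineering the binary.
EMBEDDED_SECRET = b"locker-build-2009"


def locker_code_for(sms_text: str) -> str:
    """The six-digit code the locker accepts for a given displayed SMS text.

    A pure function of data inside the locker and on the victim's screen;
    the premium number on the other end plays no part in it.
    """
    digest = hmac.new(EMBEDDED_SECRET, sms_text.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class SmsLocker:
    """Stays locked until a code matching locker_code_for() is entered."""

    PREMIUM_NUMBER = "3649"  # short code quoted in the page's translated ransom text

    def __init__(self, sms_text: str):
        self.sms_text = sms_text
        self._expected = locker_code_for(sms_text)  # computed once, offline
        self.locked = True
        self.attempts = 0

    def ransom_screen(self) -> str:
        return (f"To unlock you need to send an SMS with the text {self.sms_text}\n"
                f"to the number {self.PREMIUM_NUMBER}\nEnter the resulting code:")

    def enter_code(self, code: str) -> bool:
        """Local comparison: no network, no attacker in the loop. Returns True if unlocked."""
        self.attempts += 1
        if hmac.compare_digest(code.encode(), self._expected.encode()):
            self.locked = False
        return not self.locked


def generate_unlock_code(sms_text: str) -> str:
    """What a Dr.Web-style generator does once the derivation has been recovered."""
    return locker_code_for(sms_text)


def brute_force_unlock(locker: SmsLocker) -> str:
    """Even without the derivation, a locally checked six-digit code is enumerable:
    an offline copy of the locker cannot rate-limit or lock out the attempts."""
    for candidate in range(1_000_000):
        code = f"{candidate:06d}"
        if locker.enter_code(code):
            return code
    raise RuntimeError("no code accepted")


if __name__ == "__main__":
    victim = SmsLocker("4121800286")
    print(victim.ransom_screen())
    code = generate_unlock_code("4121800286")
    print("generator says:", code, "-> unlocked:", victim.enter_code(code))
    print("brute force finds:", brute_force_unlock(SmsLocker("4121800286")))
```

The contrast worth noting: a locker that could only be unlocked by a value signed with a key the criminal keeps would not be vulnerable to a generator, but it would also have to carry the verifying key and still be defeated by patching the comparison, which is why restoring from a clean backup remains the dependable answer.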

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

  • Don't open unknown email attachments
  • Don't run programs of unknown origin
  • Disable hidden filename extensions (in Windows Explorer, turn off "Hide extensions for known file types")
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data; if you are infected, this may be your only solution
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus/anti-spyware software and ensure it is configured to update automatically when you are connected to the Internet
  • Ensure your anti-virus software scans all email attachments
  • Don't store critical data on the system partition

For additional information on this type of threat see “Gpcode Trojan Ransomware Kidnapping Again!”, on this site.

Filed under Don't Get Hacked, Interconnectivity, internet scams, Malware Advisories, Online Safety, Ransomware, System File Protection, System Security, trojans, Viruses, Windows Tips and Tools

Gpcode Trojan Ransomware Kidnapping Again!

Have you ever considered your computer files as a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it! Ransomware is a vicious form of malware, given that it encrypts the victim's files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

Trend Micro Advanced Threats Researcher, Ivan Macalintal, recently reported that Gpcode ransomware is loose on the Internet once again. Regular readers of this Blog will remember two previous articles in which this virulent malware was discussed.

First encountered two years ago by Kaspersky Lab, Gpcode has undergone several incarnations, with this latest version being identified by Trend Micro as TROJ_RANDSOM.A

Reportedly, Gpcode now uses a 1,024-bit RSA key, as opposed to 660 bits in an earlier variant. It has been estimated that breaking this new key by brute force would take 30 years; for RSA that means recovering the private key from the public modulus, not guessing a password.

According to Trend Micro, TROJ_RANDSOM.A:

Can be downloaded from remote site(s) by other malware

May be dropped by other malware

May be downloaded unknowingly by a user when visiting malicious Web site(s)

(Fake error message upon malware execution. Courtesy Trend Micro)

As with previous versions of this malware, after installation, the victim is informed that the computer’s files have been encrypted and a decrypting tool must be purchased, for US $307, from the cyber-criminal, in order to decrypt the affected files. Email addresses are included in order to facilitate this fraudulent purchase.

Affected systems: Windows 98, ME, NT, 2000, XP, and Server 2003.

(Process illustration courtesy of Trend Micro)

If you should become infected by this Trojan your best course of action, assuming your installed malware scanners cannot remove the infection, is to take advantage of the multiple online scanners offered by the major anti-malware software developers.

For a review and list of online malware scanners please read “Free Online Spyware/Virus Scanners – Multiply Your Protection”, on this site.

References: Trend Micro

Although it has been established how Gpcode gets the Trojan onto the victim's machine (see the download and drop methods listed above), the following precautions remain critical to the security of your system.

  • Most importantly, make regular backups of critical data; if you are infected, this may be your only solution
  • Don't store critical data on the system partition
  • Don't open unknown email attachments
  • Don't run programs of unknown origin
  • Disable hidden filename extensions (in Windows Explorer, turn off "Hide extensions for known file types")
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable scripting features in email programs
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus/anti-spyware software and ensure it is configured to update automatically when you are connected to the Internet
  • Ensure your anti-virus software scans all email attachments


Filed under Don't Get Hacked, Freeware, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Online Spyware/Virus Scanners, System Security, trojans, Viruses, Windows Tips and Tools

Makeuseof.com Web Site Stolen and Held for Ransom

When we think of kidnapping, extortion or blackmail, I think it’s safe to say, not many of us would consider that a popular Web Site could be kidnapped and held for ransom. But that’s what it appears has happened to Makeuseof.com, a very popular Web Site that specializes in Cool Websites, Cool Software and Internet Tips.

As a contributing writer for Makeuseof.com, I need access to the site in order to post articles. This morning however, when I attempted to login to the site, I found that Makeuseof had disappeared off the map. Gone, vanished; nowhere to be found. Web sites of course, can go down due to all sorts of technical issues.

But no technical issues proved to be connected with the disappearance of Makeuseof. After just a few minutes of investigating, I was taken aback when I learned that the Makeuseof domain had been stolen!


By following the threads on this, I discovered that the site's domain had been transferred from GoDaddy to NameCheap, both of them domain registrars.

As Mark O'Neil, Managing and Publishing Editor of Makeuseof, explains it: “The problem was quickly traced to our GoDaddy account and we found out that it had been hacked by someone. The hacker had transferred ownership of the makeuseof.com domain from the GoDaddy account to another web registrar company called NameCheap.

Looking at the emails now we can say that it took him less than an hour to do that. The WHOIS entry is here and you can see that it is an Ali Ferank in Dubai. That's our bad guy.

We can now confirm that the attacker, in fact, got the access details through Gmail and set up a forward filter to send incoming emails from GoDaddy to another Gmail account. Now the account had a strong, approximately 15 character long password. How the hell did he manage to get in? Is it another Gmail Security Flaw?”

The thief, “Ali Ferank”, an alias without doubt, has since contacted Makeuseof demanding $2,000 to restore ownership of Makeuseof.com to its rightful owners. The forwarding filter is the detail worth acting on: a mailbox that receives the password resets and transfer notices for a registrar account should be checked periodically for filters and forwarding rules the owner did not create, since that is how this attacker kept the GoDaddy messages out of sight.

Mark has raised some penetrating questions with respect to GoDaddy's hasty compliance with the transfer of the domain, questions that need immediate and substantive answers. As Mark asks: “Why did GoDaddy go so fast? In fact in the transfer confirmation email that we received from GoDaddy, it stated that we have 3 business days to cancel the transfer. However, when we logged into the account the domain was already moved, in less than an hour. Is it THAT EASY to snatch the domain from GoDaddy?”

The position on this kidnapping and extortion plot, taken by Makeuseof, as expressed by Mark O’Neil is one of defiance “We are not going to pay. We are not going to give into these kinds of people. We work hard for our money and we are not going to hand it over to criminals looking for a quick payday. If we have a spare $2000 available, we would much rather give it to our hard working writers who deserve it”.

For updates on this continuing story, check out Makeuseof's temporary home on Blogspot. If this situation continues longer than is currently anticipated, articles will be posted to this temporary site.

Filed under Application Vulnerabilities, Don't Get Hacked, internet scams, Malware Advisories, Web Development, Windows Tips and Tools

Kidnapped! – Gpcode Ransomware – Déjà Vu All Over Again

When we think of kidnapping, extortion or blackmail, I think it’s safe to say, not many of us would consider our computer files as a likely victim. That is, unless we were familiar with a particular form of malware known as Ransomware.

Ransomware is a vicious form of malware, considering that it encrypts the victim’s files, and then demands a monetary ransom to decrypt the kidnapped files.

Once again the Ransomware Trojan, Gpcode/PGPCoder is on the loose. First encountered two years ago by Kaspersky Lab, this updated version of Gpcode/PGPCoder has returned, but in a much more advanced form.

Gpcode/PGPCoder now uses a 1,024-bit RSA key, as opposed to 660 bits in its last variant. It has been estimated that breaking this new key by brute force would take 30 years; for RSA that means recovering the private key from the public modulus, not guessing a password. Once the target files have been encrypted, the Trojan deletes itself in order to evade detection.

More than 80 file-types on the PC including doc, txt, pdf, xls, jpg, png, htm, pst, xml, zip, and rar, are targeted for encryption, then the original files are deleted from the disk and replaced by an encrypted copy.

An attempt to open an encrypted file on an infected machine will produce a message similar to the following (the RSA-4096 claim is the extortionist's own; the key actually in use is the 1,024-bit one described above).

Hello, your files are encrypted with RSA-4096 algorithm.

You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.

To buy our software please contact us at: – – – –

It has not yet been determined how Gpcode/PGPCoder infects the victim’s machine with the Trojan, so the following precautions are critical to the security of your system.

  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data. If you are infected this may be your only solution
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure your anti-virus software scans all e-mail attachments
  • Don’t store critical data on the system partition


Filed under Email, Encryption, Interconnectivity, internet scams, Malware Advisories, System File Protection, System Security, Windows Tips and Tools

Online Extortion – Gpcode Ransomware Returns

When we think of kidnapping, extortion or blackmail, I think it’s safe to say, not many of us would consider our computer files as a likely victim. That is, unless we were familiar with a particular form of malware known as Ransomware.

Ransomware is a particular vicious form of malware, considering that it encrypts the victim’s files, and then demands a monetary ransom to decrypt the kidnapped files.

Once again the Ransomware Trojan, Gpcode/PGPCoder is on the loose. First encountered two years ago by Kaspersky Lab, this updated version of Gpcode/PGPCoder has returned, but in a much more advanced form.

Gpcode/PGPCoder now uses a 1,024-bit RSA key, as opposed to 660 bits in its last variant. It has been estimated that breaking this new key by brute force would take 30 years; for RSA that means recovering the private key from the public modulus, not guessing a password. Once the target files have been encrypted, the Trojan deletes itself in order to evade detection.

More than 80 file-types on the PC including doc, txt, pdf, xls, jpg, png, htm, pst, xml, zip, and rar, are targeted for encryption, then the original files are deleted from the disk and replaced by an encrypted copy.

An attempt to open an encrypted file on an infected machine will produce a message similar to the following (the RSA-4096 claim is the extortionist's own; the key actually in use is the 1,024-bit one described above):

Hello, your files are encrypted with RSA-4096 algorithm.

You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.

To buy our software please contact us at: – – – –

It has not yet been determined how Gpcode/PGPCoder infects the victim’s machine with the Trojan, so the following precautions are critical to the security of your system.

  • When surfing the web: Stop. Think. Click
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data. If you are infected this may be your only solution.
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer.
  • Install a personal firewall on the computer.
  • Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments
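The Gpcode posts on this page (this one, “Kidnapped!” and “Gpcode Trojan Ransomware Kidnapping Again!”) all describe the same behaviour: files of the listed document types are encrypted and the originals are replaced by encrypted copies. As an added example, not Kaspersky's or Trend Micro's detection logic and not part of the original post, the following Python flags files of those types whose contents now look like ciphertext. Plain text and markup have byte entropy well under 8 bits/byte, whereas ciphertext is close to it; archives, images and office documents are already near 8 bits/byte, so for those the check is whether the format's signature is still present. The extension sets, the 7.5 bits/byte threshold and the sample files are assumptions constructed for the example, and it assumes the encrypted copy keeps the original filename (if the Trojan renames, key on the new extension instead).

```python
"""Flag files that look like Gpcode-style encrypted replacements.

Constructed example. Two tests: formats with a fixed signature are flagged when
the signature is gone; free-form text formats are flagged when their byte
entropy is near that of random data.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed signature set for the example. An encrypted copy that kept the
# filename will no longer start with the format's magic bytes.
SIGNATURES = {
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",  # OLE2 compound file
    ".pdf": b"%PDF", ".pst": b"!BDN",
    ".zip": b"PK\x03\x04", ".rar": b"Rar!",
    ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG",
}
TEXT_EXTENSIONS = {".txt", ".htm", ".xml"}   # judged by entropy instead
ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off, English text sits around 4-5
MIN_SIZE = 64            # too few bytes for an entropy estimate to mean anything


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the byte-value distribution; 8.0 is the maximum."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    ext = path.suffix.lower()
    data = path.read_bytes()
    if ext in SIGNATURES:
        return not data.startswith(SIGNATURES[ext])
    if ext in TEXT_EXTENSIONS:
        return len(data) >= MIN_SIZE and shannon_entropy(data) > ENTROPY_THRESHOLD
    return False


def scan_tree(root: str) -> list:
    """Return the relative paths under root that fail either check, sorted."""
    flagged = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if looks_encrypted(p):
                flagged.append(str(p.relative_to(root)))
    return sorted(flagged)


def pseudo_random(n: int, seed: bytes = b"gpcode-sample") -> bytes:
    """Deterministic stand-in for ciphertext (a SHA-256 chain), so the example
    is reproducible without a key or a cipher library."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def build_sample_tree(root: str) -> None:
    """Constructed sample data: three intact files, three 'encrypted replacements'."""
    root = Path(root)
    text = b"Quarterly report: revenue up 3%, costs flat.\n" * 40
    (root / "report.txt").write_bytes(text)                       # intact text
    (root / "photos.zip").write_bytes(b"PK\x03\x04" + text)       # intact archive
    (root / "plan.pdf").write_bytes(b"%PDF-1.4\n" + text)         # intact PDF
    (root / "notes.txt").write_bytes(pseudo_random(8192))         # high-entropy replacement
    (root / "budget.xls").write_bytes(pseudo_random(8192))        # OLE2 header gone
    (root / "pic.jpg").write_bytes(pseudo_random(8192))           # JPEG header gone


def demo() -> list:
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    print("flagged:", demo())
```

Run on a real home directory this produces false positives for password-protected archives and any text file that is actually compressed data, so treat a hit as a prompt to compare against a backup, not as proof of infection; the backup advice in the lists above is what makes the comparison possible.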


Filed under Encryption, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Safe Surfing, Spyware - Adware Protection, System Security, Windows Tips and Tools