Internet Dating And Extortion – Real Life Mirrors Fiction

This past week, I reread The Brethren, a novel by American author John Grisham, first published in 2000. The novel’s plot centers on a scam in which three incarcerated Judges blackmail wealthy closeted gay men who unwittingly (through letters), provide the rogue Judges, who collectively are posing as a young gay man, with all the information needed to make the blackmail scam a winner.

In case you want to read the book (I highly recommend it – Grisham is a terrific novelist), I won’t spoil it for you by revealing additional story elements, but suffice it to say, that the naiveté of the victims in providing highly personal information, drives the plot forward.

But this is just fiction – a made up story. In “real” life this type of situation, or a  situation similar to it, just wouldn’t happen, right? Ah, but it does – as illustrated in the following news report from a recent edition of the Toronto Star newspaper.

Rather than rely on snail mail, as the fictional characters in the novel do, the Internet is the weapon of choice in the following scam, as you’ll see.

Police say a number of men looking for love on the Internet found extortion instead.

Halton Regional Police allege a man joined a number of adult dating service websites posing as a woman and prospective date for male subscribers. The interested men were then persuaded to provide personal information about themselves.

Police say the information provided by the unsuspecting victims in emails, chats, texts and voice mail messages then formed the basis for extortion. There were threats to publish the information on social networking sites or send it directly to family, friends, or employers unless monetary demands were met.

Kevin Fletcher, 43, of Burlington, Ont., faces eight counts of extortion and one of criminal harassment.

The Internet and its associated tools, including those tools mentioned in the newspaper report – emails, chats, texts and voice mail messages, seems to have affected the victims’ brain functions. Normal personal security precautions appear to have been thrown out the window; including common sense – assuming they had any common sense to begin with!

I have no doubt, that the victims in this case would have benefited from reading Internet Security: There’s an App for That – Your BRAIN!, posted here earlier this year.

There’s a lesson in this sad story – establishing a personal relationship through Internet dating, despite the success stories touted in numerous television commercials, is not without risk. And, should be approached with the same sense of caution and awareness, that one would use in any Internet transaction.

That old truism – “Nobody knows you’re a Dog on the Internet” – takes on special significance when it comes to online dating.

A sampling of common sense Internet dating safety tips from the Wired Safety Website.

Do not believe everything you read online

You can be anything or anyone you want to be online. I keep trying to get people to believe that I am tall, blonde and gorgeous! (So far, no takers…). That cute brunette 24-year-old guy may not be cuter, may not be 24 and most importantly, may not be a guy. There is not truth in advertising protection when you date online.

Do not give out personal information online

Personal information that would let someone find you offline would never be shared online. Your full name, where you work, where you live, your phone number (see my note on giving out your phone number), your fax number…these should not be shared online.

Use an online dating service that uses an anonymizer or re-mailer to mask your real e-mail, or set up a Hotmail or other free account just for dating online. Cyber romance can quickly turn to cyberstalking – it is better to be able to terminate that particular account than to have to set up a new main account, and notify everyone you know.

To read the full list of Internet dating safety tips, visit Wired Safety.org.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Ransomware in Your Browser

Ransomware, a vicious form of malware, is nothing new. It has been around in one form or another, since the late 1980’s.

Once installed on a victim’s computer, the Trojan will generally encrypt the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

The ever creative cyber criminal community has now gone one better, with the release of Trojan.Ransompage. This piece of malware is designed to kidnap the victim’s Internet browser, including Internet Explorer, Firefox and Opera.

Note: The latest update of Firefox is apparently unaffected. Another good reason to update.

According to Symantec, Trojan.Ransompage “uses scare or nuisance tactics – similar to rogue antivirus programs, in an attempt to demand ransom from its victims. Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits”.

Roughly translated from Russian, the ransom demand reads in part:

To remove the informer, send SMS message with text [5-digit number] to number [4-digit number].
Enter the code, received in response, MC

Affected Systems: Windows 95, 98, NT, 2000, XP, Vista, Server 2003

System Impact:

Deletes Files: Deletes Web Browser files.

Modifies Files: Modifies Web Browser files.

Releases Confidential Info: May send confidential information to a remote location.

Degrades Performance: Displayed image may degrade Web Browser performance.

Action you can take if infected:

According to Symantec, “the ransomware is designed to expire in 30 days, so anyone who falls victim to the infection can remove it simply by setting their system clock forward one month”.

Common sense security precautions:

Make regular backups of critical data. If you are infected this may be your only solution

Don’t store critical data on the system partition

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

The authorities need to kick some ass here, and determine who owns the contact phone number and close it down. How hard is that?

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Show Me the Money – I’ll Show You Your Files (Ransomeware is Back)!

Have you ever considered that your computer files could be a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it!

Ransomware is a vicious form of malware, given that that it encrypts the victim’s files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.

Once again ransomware is on the loose; but a little bit different in this iteration. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.

According to PandaLabs, they recently discovered a new form of ransomware, Trj/SMSlock.A, which reportedly locks the victim’s entire computer, leaving the machine essentially unusable. In line with previous versions of this type of malware, a ransom, in this case in the form of a premium SMS, is demanded to allow the victim access to the infected machine.

While the original message on an infected computer is in Russian, the following English translation has been provided by Panda.

To unlock you need to send an SMS with the text

4121800286

to the number

3649

Enter the resulting code:

Any attempt to reinstall the system may lead to loss of important information and computer damage.

Infection methods: Floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Affected systems: Windows 2003/XP/2000/NT/ME/98/95/3.X

We should not relax our guard on this simply because this malware is currently affecting only Russian users. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

In the event that you become infected by this piece of nasty work, check out Dr.Web, where you can obtain a generator for deactivation codes.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

For additional information on this type of threat see “Gpcode Trojan Ransomeware Kidnapping Again!”, on this site.

Gpcode Trojan Ransomeware Kidnapping Again!

Have you ever considered your computer files as a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it! Ransomware is a vicious form of malware, taking into account that it encrypts the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

Trend Micro Advanced Threats Researcher, Ivan Macalintal, recently reported that Gpcode ransomware is loose on the Internet once again. Regular readers of this Blog will remember two previous articles in which this virulent malware was discussed.

First encountered two years ago by Kaspersky Lab, Gpcode has undergone several incarnations, with this latest version being identified by Trend Micro as TROJ_RANDSOM.A

Reportedly, Gpcode is now using a 1,024 bit encryption key, as opposed to 660 bits in an early variant. It has been estimated it would require 30 years to break this new encryption key using a brute force attack; trying every possible password.

According to Trend Micro TROJ_RANDSOM.A:

Can be downloaded from remote site(s) by other malware

May be dropped by other malware

May be downloaded unknowingly by a user when visiting malicious Web site(s)

(Fake error message upon malware execution. Courtesty Trend Micro)

As with previous versions of this malware, after installation, the victim is informed that the computer’s files have been encrypted and a decrypting tool must be purchased, for US $307, from the cyber-criminal, in order to decrypt the affected files. Email addresses are included in order to facilitate this fraudulent purchase.

Affected systems: Windows 98, ME, NT, 2000, XP, and Server 2003.

(Process illustration courtesty of Trend Micro)

If you should become infected by this Trojan your best course of action, assuming your installed malware scanners cannot remove the infection, is to take advantage of the multiple online scanners offered by the major anti-malware software developers.

For a review and list of online malware scanners please read “Free Online Spyware/Virus Scanners – Multiply Your Protection”, on this site.

References: Trend Micro

While it has been established how Gpcode infects the victim’s machine with the Trojan, none-the-less, the following precautions are critical to the security of your system.

Most importantly – make regular backups of critical data. If you are infected this may be your only solution

Don’t store critical data on the system partition

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Makeuseof.com Web Site Stolen and Held for Ransom

When we think of kidnapping, extortion or blackmail, I think it’s safe to say, not many of us would consider that a popular Web Site could be kidnapped and held for ransom. But that’s what it appears has happened to Makeuseof.com, a very popular Web Site that specializes in Cool Websites, Cool Software and Internet Tips.

As a contributing writer for Makeuseof.com, I need access to the site in order to post articles. This morning however, when I attempted to login to the site, I found that Makeuseof had disappeared off the map. Gone, vanished; nowhere to be found. Web sites of course, can go down due to all sorts of technical issues.

But no technical issues proved to be connected with the disappearance of Makeuseof. After just a few minutes of investigating, I was taken aback when I learned that the Makeuseof domain had been stolen!

(Click pic for larger)

By following the threads on this, I discovered the site’s ownership/domain had been transferred from GoDaddy, to NameCheap, each of which is a web registrar company.

As Mark O’Neil, Managing and Publishing Editor of Makeuseof explains it “The problem was quickly traced to our GoDaddy account and we found out that it had been hacked by someone. The hacker had transferred ownership of the makeuseof.com domain from the GoDaddy account to another web registrar company called NameCheap.

Looking at the emails now we can say that it took him less then an hour to do that. The WHOIS entry is here and you can see that it is an Ali Ferank in Dubai. That’s our bad guy.

We can now confirm that the attacker, in fact, got the access details through Gmail and set up a forward filter to send incoming emails from GoDaddy to another Gmail account. Now the account had a strong approximate 15 character long password. How the hell did he manage to get in? Is it another Gmail Security Flaw?”

The thief, Ali Ferank, an alias without doubt, has since contacted Makeuseof demanding $2,000 to restore ownership of Makeuseof.com to its rightful owners.

Mark has raised some penetrating questions with respect to the hasty compliance to the transfer of the domain by GoDaddy that need immediate and substantive answers. As Mark asks “Why did GoDaddy go so fast? In fact in the transfer confirmation email that we received from GoDaddy, it stated that we have 3 business days to cancel the transfer. However, when we logged into the account the domain was already moved, in less then an hour. Is it THAT EASY to snatch the domain from GoDaddy?”

The position on this kidnapping and extortion plot, taken by Makeuseof, as expressed by Mark O’Neil is one of defiance “We are not going to pay. We are not going to give into these kinds of people. We work hard for our money and we are not going to hand it over to criminals looking for a quick payday. If we have a spare $2000 available, we would much rather give it to our hard working writers who deserve it”.

For updates on this continuing story, checkout Makeuseof’s temporary home on Blogspot. If this situation continues longer than is currently anticipated articles will be posted to this temporary site.

Kidnapped! – Gpcode Ransomware – Deja Vue All Over Again

When we think of kidnapping, extortion or blackmail, I think it’s safe to say, not many of us would consider our computer files as a likely victim. That is, unless we were familiar with a particular form of malware known as Ransomware.

Ransomware is a vicious form of malware, considering that it encrypts the victim’s files, and then demands a monetary ransom to decrypt the kidnapped files.

Once again the Ransomware Trojan, Gpcode/PGPCoder is on the loose. First encountered two years ago by Kaspersky Lab, this updated version of Gpcode/PGPCoder has returned, but in a much more advanced form.

Gpcode/PGPCoder is now using a 1,024 bit encryption key, as opposed to 660 bits in its last variant. It has been estimated it would require 30 years to break this new encryption key using a brute force attack; trying every possible password. Following the encryption of the target files the virus self destructs in order to evade detection.

More than 80 file-types on the PC including doc, txt, pdf, xls, jpg, png, htm, pst, xml, zip, and rar, are targeted for encryption, then the original files are deleted from the disk and replaced by an encrypted copy.

An attempt to open an encrypted file on an infected machine will produce a message similar to the following.

Hello, your files are encrypted with RSA-4096 algorithm.

You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.

To buy our software please contact us at: – – – –

It has not yet been determined how Gpcode/PGPCoder infects the victim’s machine with the Trojan, so the following precautions are critical to the security of your system.

• Don’t open unknown email attachments
• Don’t run programs of unknown origin
• Disable hidden filename extensions
• Keep all applications (including your operating system) patched
• Turn off your computer or disconnect from the network when not in use
• Disable Java, JavaScript, and ActiveX if possible
• Disable scripting features in email programs
• Make regular backups of critical data. If you are infected this may be your only solution
• Make a boot disk in case your computer is damaged or compromised
• Turn off file and printer sharing on the computer
• Install a personal firewall on the computer
• Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
• Ensure your anti-virus software scans all e-mail attachments
• Don’t store critical data on the system partition

Online Extortion – Gpcode Ransomware Returns

When we think of kidnapping, extortion or blackmail, I think it’s safe to say, not many of us would consider our computer files as a likely victim. That is, unless we were familiar with a particular form of malware known as Ransomware.

Ransomware is a particular vicious form of malware, considering that it encrypts the victim’s files, and then demands a monetary ransom to decrypt the kidnapped files.

Once again the Ransomware Trojan, Gpcode/PGPCoder is on the loose. First encountered two years ago by Kaspersky Lab, this updated version of Gpcode/PGPCoder has returned, but in a much more advanced form.

Gpcode/PGPCoder is now using a 1,024 bit encryption key, as opposed to 660 bits in its last variant. It has been estimated it would require 30 years to break this new encryption key using a brute force attack; trying every possible password. Following the encryption of the target files the virus self destructs in order to evade detection.

More than 80 file-types on the PC including doc, txt, pdf, xls, jpg, png, htm, pst, xml, zip, and rar, are targeted for encryption, then the original files are deleted from the disk and replaced by an encrypted copy.

An attempt to open an encrypted file on an infected machine will produce a message similar to the following:

Hello, your files are encrypted with RSA-4096 algorithm.

You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.

To buy our software please contact us at: – – – –

It has not yet been determined how Gpcode/PGPCoder infects the victim’s machine with the Trojan, so the following precautions are critical to the security of your system.

• When surfing the web: Stop. Think. Click
• Don’t open unknown email attachments
• Don’t run programs of unknown origin
• Disable hidden filename extensions
• Keep all applications (including your operating system) patched
• Turn off your computer or disconnect from the network when not in use
• Disable Java, JavaScript, and ActiveX if possible
• Disable scripting features in email programs
• Make regular backups of critical data. If you are infected this may be your only solution.
• Make a boot disk in case your computer is damaged or compromised
• Turn off file and printer sharing on the computer.
• Install a personal firewall on the computer.
• Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
• Ensure the anti-virus software scans all e-mail attachments

Threats in Your Email – Hitman Online Extortion

It’s not uncommon for spam to include false warnings in order to trick the recipient into falling for a scam, a phishing attack or installing malware.

A previous spam campaign that was active towards the end of 2007 came in the form of an e-mail allegedly from a private investigator hired to investigate the recipient. This is a private investigator with a heart, it seems, since the email recipient is advised that their telephone is being monitored and that it will be revealed who planned this surveillance in a follow-up e-mail.

As a sign of good faith by the private investigator, a password-protected compressed file was attached to the message that supposedly contained a recording of the victim’s telephone conversations. In reality however, this password-protected compressed file was designed to defeat anti-malware applications running on the victim’s computer.

The file actually contained malware in the form of a Trojan horse, identified by Symantec Corporation as Trojan.Peacomm.D, which most of us know as the “Storm” Trojan. This malware is designed to gather system information and email addresses from a compromised computer. As well, this Trojan can infect legitimate system drivers, and variants can insert components into legitimate processes such as Explorer.exe and Services.exe.

Now we’re faced with a variant of this email scam, the Hitman email. These fear-provoking emails contain a threat that the recipient will be murdered by a hired Hitman. Fortunately, there is a way out of this predicament however; if the recipient will agree to pay a substantial sum of money to the Hitman the contract will be cancelled.

These Hitman emails are not a new occurrence since they were circulating on the Internet early in 2007. These frightening emails have resurfaced again in the past few months, and they seem to be aimed primarily at a select group of professional high earners, such as doctors, lawyers, and business owners, who are more likely to be in a position to pay the large sums of money demanded in the email.

Although there are many variations of this email, here is one example:

Good Day,

I want you to read this message very crefully, and keep the secret with you till further notice, You have no need of knowing who i am, where am from,till i make out a space for us to see, i have being paid $50,000.00 in adbance to terminate you with some reasons listed to me by my employer,its one i believe you call a friend,i have followed you closely for one week and three days now and have seen that you are innocent of the accusation,

Do not contact the police or F.B.I or try to send a copy of this to them, because if you do i will know, and might be pushed to do what i have being paid to do,beside this is the first time i turned out to be a betrayer in my job.

Now listen,i will arrange for us to see face to face but before that i need the amount of $80,000.00 and you will have nothing to be afraid of.I will be coming to see you in your office or home dtermine where you wish we meet,do not set any camera to cover us or set up any tape to record our conversation,my employer is in my control now,

You will need to pay $20,000.00 to the account i will provide for you, before we will set our first meeting,after you have make the first advance payment to the account,i will give you the tape that contains his request for me to terminate you, which will be enough evidence for you to take him to court(if you wish to), then the balance will be paid later.

You don’t need my phone contact for now till am assured you are ready to comply good.

Lucky You.

Like all email scams these emails, which contain many grammatical and spelling errors, are generally sent to a large number of people within the targeted group in the expectation, (usually justified), that some will respond. Compounding the issue further, the cyber criminals may try to collect personal information from the victim in an attempt at identity theft.

Keeping in mind that email scams are sent out in bulk it’s reasonable to assume, if you should receive such an email, you are not in any danger of being murdered by a hired killer. Obviously the attempt at extortion is genuine, but the threat against your life is not.

Internet security experts always advise; if you receive unsolicited email messages, you should not reply or respond in any way, but instead simply delete the message from your inbox. In the case of this particular email scam law enforcement officials repeat that advice; that you not respond.

However, in the event you receive a threatening email that includes significant personal information that is specific to you, to ensure your safety, it would be prudent to report this to your local police department.

From Scambusters.org

Don’t Get Scammed!

Many scammers are very cunning, so being smart is NOT enough to protect yourself. Every day smart subscribers thank us saying they would have been scammed if they didn’t subscribe to ScamBusters. Don’t take a chance. Subscribe FREE to ScamBusters, a public service and the #1 publication on Internet fraud.

Share this post :