
Don's Dust Article

General BS :bull: and other irrelevant chit-chat :kumbaya:
Grady
DAMN Grand Poohba
Posts: 1157
Joined: Wed Mar 19, 2008 8:41 pm

Re: Don's Dust Article

Post by Grady »

I've used the free version of http://www.malwarebytes.org/ for a previous similar issue. It worked great for me and was simple to use. Worth a shot.
Joker
DAMN Expert
Posts: 226
Joined: Mon Jun 07, 2010 8:57 pm

Re: Don's Dust Article

Post by Joker »

What are y'all downloading? The article is up in the link. You can scroll through the article without a download. The article is accessible but just skipping the pages with the guy on the bike #555
Hare
DAMN Poohba
Posts: 532
Joined: Mon Jun 23, 2008 8:29 pm

Re: Don's Dust Article

Post by Hare »

It automatically downloaded when I click on the link to the article, actually it was hard to notice short of the extra PC activity. I think this bug wiped me out, I had thousands of ride pics and videos and work too, WAH!, most are backed up and saved on disk but many are not.

Here's what I found out about it, sounds like the dust site is weak and vulnerable to attacks as such. I hope they come up with a fix.


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
from http://www.securitybloggersnetwork.com/ ... -the-feed/

Researchers at SophosLabs are analysing a new ransomware attack that appears to have hit computer users via a drive-by vulnerability on compromised websites.

Malicious hackers are spreading the ransomware, which encrypts media and Office files on victim's computers, in an attempt to extort $120. In a nutshell - you can't access your files because the malicious code has encrypted them (in our observations, the whole file isn't encrypted - just the first 10% or so), and the hackers want you to pay the ransom if you want your valuable data back.

The attack, which Sophos detects as Troj/Ransom-U, changes your Windows desktop wallpaper to deliver the first part of the ransom message.



The main ransom demand is contained in a text file:



Attention!!!

All your personal files (photo, documents, texts, databases, certificates, kwm-files, video) have been encrypted by a very strong cypher RSA-1024. The original files are deleted. You can check this by yourself - just look for files in all folders.

There is no possibility to decrypt these files without a special decrypt program! Nobody can help you - even don't try to find another method or tell anybody. Also after n days all encrypted files will be completely deleted and you will have no chance to get it back.

We can help to solve this task for 120$ via wire transfer (bank transfer SWIFT/IBAN). And remember: any harmful or bad words to our side will be a reason for ingoring your message and nothing will be done.

For details you have to send your request on this e-mail (attach to message a full serial key shown below in this 'how to..' file on desktop): [email address]

The HOW TO DECRYPT FILES.txt file gives an email address to contact if you wish to recover your data. In addition, there is a fingerprint hex-string in the file which changes between successive runs - the message says that victims must quote this string when making contact (presumably it is related to the actual key used for decryption).

Users have reported to us that they have received the attack via a malicious PDF which downloads and installs the ransomware. Sophos detects the PDF as Troj/PDFJS-ML.

Files with the following extensions can be affected: .jpg, .jpeg, .psd, .cdr, .dwg, .max, .mov, .m2v, .3gp, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .rar, .zip, .mdb, .mp3, .cer, .p12, .pfx, .kwm, .pwm, .txt, .pdf, .avi, .flv, .lnk, .bmp, .1cd, .md, .mdf, .dbf, .mdb, .odt, .vob, .ifo, .mpeg, .mpg, .doc, .docx, .xls, and .xlsx. The easiest way to identify files that have been meddled with is that their filenames will have been changed to include the suffix ".ENCODED".

Of course, we don't recommend paying money to ransomware extortionists. There's nothing to say that they won't simply raise their ransom demands even higher once they discover you are prepared to pay up.

Once again, users who make regular backups of their important data have good reason to pat themselves on the back.
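
A read-only triage script built on the indicators in the quoted write-up (the ".ENCODED" suffix, the HOW TO DECRYPT FILES.txt note and the extension list), added here as an example and not part of the original post or the Sophos article. It assumes the suffix is appended to the full original filename and that the backup mirrors the same folder layout; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators quoted in the Sophos write-up above.
SUFFIX = ".ENCODED"
RANSOM_NOTE = "HOW TO DECRYPT FILES.txt"
TARGET_EXTS = set(
    ".jpg .jpeg .psd .cdr .dwg .max .mov .m2v .3gp .doc .docx .xls .xlsx "
    ".ppt .pptx .rar .zip .mdb .mp3 .cer .p12 .pfx .kwm .pwm .txt .pdf .avi "
    ".flv .lnk .bmp .1cd .md .mdf .dbf .odt .vob .ifo .mpeg .mpg".split()
)

def triage(root, backup_root=None):
    """Inventory ransom notes and renamed files under root (read-only walk)."""
    root = Path(root)
    report = {"notes": [], "affected": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == RANSOM_NOTE.lower():
                report["notes"].append(path)
            elif name.upper().endswith(SUFFIX) and len(name) > len(SUFFIX):
                # Assumption: the suffix is appended to the full original name.
                original = path.with_name(name[: -len(SUFFIX)]).relative_to(root)
                report["affected"].append({
                    "original": original.as_posix(),
                    "listed_ext": original.suffix.lower() in TARGET_EXTS,
                    # Assumption: the backup mirrors the same relative layout.
                    "has_backup": backup_root is not None
                    and (Path(backup_root) / original).is_file(),
                })
    return report

def demo():
    """Run triage over a constructed sample tree and summarize the result."""
    with tempfile.TemporaryDirectory() as tmp:
        home, backup = Path(tmp, "home"), Path(tmp, "backup")
        (home / "rides").mkdir(parents=True)
        (backup / "rides").mkdir(parents=True)
        (home / "rides" / "trip.jpg.ENCODED").write_bytes(b"constructed")
        (home / "rides" / "clip.mov.ENCODED").write_bytes(b"constructed")
        (home / "notes.txt").write_text("untouched file")
        (home / RANSOM_NOTE).write_text("constructed placeholder")
        (backup / "rides" / "trip.jpg").write_bytes(b"original bytes")
        report = triage(home, backup)
        files = sorted((a["original"], a["has_backup"]) for a in report["affected"])
        return files, len(report["notes"])

if __name__ == "__main__":
    print(demo())
```

Entries with `has_backup` set to False are the files to prioritize when deciding what still needs recovery from another source.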
Wingfixer
aka FlatFixer
Posts: 4012
Joined: Tue Nov 18, 2008 4:20 pm

Re: Don's Dust Article

Post by Wingfixer »

My father works for the FBI as some kinda IT guy, I mentioned what had happened to you guys and he said you should report it to the state police and they should forward it to the FBI. From what he said they will make a big deal out of this. This type of internet fraud is getting to be a big crime.
F*** work.
Ride motorcycles.
the dude himself
DAMN Expert
Posts: 415
Joined: Tue Mar 18, 2008 12:09 pm

Re: Don's Dust Article

Post by the dude himself »

I've just seen this. I've got my own IT business - if you were to get your PC's over here I'm sure I could clean'em up. Gratis, of course - for my DAMN Brothers.

I'm working a contract out of a DoD basement right now so email if you need - DAMN is blocked.
hondahawkrider
DAMN Poohba
Posts: 740
Joined: Tue Mar 11, 2008 2:20 pm

Re: Don's Dust Article

Post by hondahawkrider »

the dude himself wrote: I've just seen this. I've got my own IT business - if you were to get your PC's over here I'm sure I could clean'em up. Gratis, of course - for my DAMN Brothers.

I'm working a contract out of a DoD basement right now so email if you need - DAMN is blocked.
http://elitekiller.com/malware.htm has the best article on this kind of crap... and gives you a number of links on free AV sites to protect you if you don't want to pay for AntiVirus (I use AVG) and it explains a lot..

If you search through the page - look and download the rogue removal kit or go to http://www.elitekiller.com/files/rogueremoval.zip

It's got several tools in it - including the previously mentioned malwarebytes.org piece... It's updated fairly frequently ... However, these tools have saved myself and it's been used a lot by others as well... Very rarely has it ever not fixed my machine completely... At the very least it will make your machine functional enough - and allow you to browse the web to find out any other steps you may require to be on the safe side... I have been in IT quite a while and I have these tools with me on a USB drive pretty regularly - just in case I run into a friend's machine that's screwed... I can say enough good shit about elitekiller.com
1997/8 KTM 620 EGS-E Adventure
2013 Honda CB1100
2003 Harley Davidson Wide Glide
1999 Suzuki DR350Se