Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 12813 Location: Arizona USA
Posted: Tue 06 Aug 2013, 15:24 Post subject: New strain of ransomware evades detection by anti virus apps
New strain of ransomware evades detection by AV apps
Quote: ...the only requirements for HTML ransomware to work are JavaScript must be enabled, and the victim’s web browser incorporates the “Recover browser session after a crash” feature, which is part and parcel to all major web browsers -- including Chrome, Firefox, Internet Explorer, and Safari.
Here’s what HTML ransomware has going for it:
Does not require installation.
Disabling JavaScript breaks many popular websites; so people aren’t willing to turn off JavaScript, something the bad guys are relying on.
AV applications, even with current malware signature sets, are of no use against HTML ransomware....
...By creating a 150 iFrame loop, HTML ransomware gives the impression the computer is locked up....
...by most definitions, it’s not malware. It is a snippet of JavaScript code readily available on the Internet that digital extortionists use to fool victims by controlling what is visible in the browser window. No other computer function is affected, at least as of this writing...
8-bit

Joined: 03 Apr 2007 Posts: 3425 Location: Oregon
Posted: Tue 06 Aug 2013, 22:38 Post subject:
I had something similar that got the wife's PC.
It installed a program that would pop up a window for any application one tried to run saying the file was infected and to purchase and install their virus removal software.
I went in with Puppy, and deleted the active file.
But it took more searching as the file replicated/restored itself when it was determined it was deleted.
All in all it was an interesting experience that made me appreciate using Puppy to fix Windows and also the peace of mind one has running Puppy.
starhawk
Joined: 22 Nov 2010 Posts: 5056 Location: Everybody knows this is nowhere...
Posted: Tue 06 Aug 2013, 23:54 Post subject:
@8-bit -- my local tech shop calls that type of malware a "FakeAV" -- fake antivirus. I hear they're generally pretty nasty stuff.
8-bit

Joined: 03 Apr 2007 Posts: 3425 Location: Oregon
Posted: Wed 07 Aug 2013, 00:22 Post subject:
Do you know if there are substitutes that can be used for JavaScript and Flash that would be less prone to hacks?
As you say, the problem is that a lot of sites still use JavaScript and Flash.
I do not know if YouTube's addition of HTML5 for videos is a good or bad thing.
I do know that until I changed my options to use the earlier software instead of HTML5, I was unable to view YouTube video.
linuxbear
Joined: 18 Apr 2009 Posts: 623 Location: Las Vegas, Nevada, USA
Posted: Wed 07 Aug 2013, 15:00 Post subject:
Doncha just love it when these Java apps try to show you that something is wrong with your C:\ drive when you're running Linux?
--- I haven't dealt with a virus in a while, but there used to be a site called "bleeping computer" which got me out of trouble a few times when my wife was still running Windows.
http://www.bleepingcomputer.com/