The Register® — Biting the hand that feeds IT

Feeds

Scareware package incorporates file ransom trickery

Double dipping

By John Leyden, 25th March 2009
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Cybercrooks have combined two threats with a fake anti-virus package that holds files for ransom.

The malware comes in the guise of a utility called Antivirus2009 that claims to have located corrupted files on affected systems. Prospective marks are told they are need to download a package dubbed FileFix Professional to recover these files.

In reality, Antivirus2009 is responsible for encrypting the supposedly corrupted files, targeting documents in a blighted user's My Documents folder. FileFix Professional unscrambles this content but only after users pay $50 for software of dubious utility.

Antivirus firms are adding detection for both dubious packages. Computer help forum BleepingComputer.com has detailed instructions on how to remove FileFix Professional from infected systems. That advice alone isn't enough to recover scrambled files. Fortunately, however, web security firm FireEye has established a free Web-based service to recover encrypted files, as explained in its write-up of the threat here. Trend Micro has screenshots of the malicious utility FileFix Professional here.

The incorporation of scareware and ransonware tactics represents an evolution in the development of rogue security (AKA scareware) packages. The number of rogue anti-malware programs in circulation rose from 2,850 in July to 9,287 in December 2008, a three-fold increase in the space of just six months, according to the latest figures from the Anti-Phishing Working Group. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (6)
Latest Comments
A J Stiles

Bah

Why the *fuck* is *anyone* still running Windows?

For fuck's sake, it's less effort to go back to doing stuff by hand than it is to keep a bunch of Windows boxes malware-free.

0
0
Anonymous Coward
Anonymous Coward

If a "fix" to a scam is being "sold" by the scammer ...

then some money is changing hands, and its presumably not being done in cash.

That money, surely, is passing through some sort of money transfer service. Initially, maybe, to a middleman who doesn't know what it is for ... and via countries whose police may or may not be very competent or very co-operative ... but sooner or later that money has to end up with somebody who knows who is doing this.

0
0
william henderson

back up

regularly and every time a high value item is added to the my documents file.

a daily back up to a usb drive is simple and cheap.

no excuses for nor doing so.

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
126
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
57
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13