Written by v2r on March 27, 2012 – 6:32 am -
Over the past few days we've received reports of Finns being targeted by ransomware which is localized in Finnish language and claims to be from Finnish police.
The Ransomware in question is part of a family we call Trojan:W32/Ransom and is localized to several European countries: Germany; UK; Spain; and now Finland. In all countries, the social engineering method is the same. Upon infection, the Ransomware expands Internet Explorer to full screen (F11) and displays a message claiming to be from a local police unit claiming that the user's computer has been used in browsing sites containing child and animal abuse. It also claims that it has been used to send e-mail spam on topics related to terrorism, and has thus been locked until a fine is paid.Image: Poliisi
In this case, the Ransomware claims to be from "Tietoverkkorikosten tutkinnan yksikkö" which translates as information networks crime unit. However, the Finnish police doesn't have a unit with that exact name. Also to be noted is that the quality of Finnish is not very good and the contact address is to cyber-metropolitan-police.co.uk. Further inspection reveals that the cyber-metropolitan-police.co.uk domain is registered to a fake person Mr. “be happy” residing in Gette, Poland. Very credible indeed.
The Finnish ransom message is demanding payment using Paysafecard, which is a disposable prepaid card that can be used for anonymous online transactions. It is sold nationally at kiosks within Finland.
F-Secure Internet Security detects known variants of Trojan:W32/Ransom either by family name or generic detection names, but as always it pays to be careful. Our back end statistic indicate that this is definitely "liikkeellä" (in-the-wild).
The initial infection vector for this trojan has been either a Java runtime exploit or Adobe Acrobat PDF reader exploit, there is no information about fresh (0-day) exploits being used.
So to be safe:
1. Update your Acrobat PDF reader to the latest version, or switch to another PDF reader.
2. Update your Java runtime. Or, if you do not need Java, it is highly advisable to uninstall it. If you do need Java, at least consider disabling it within the browser when not in use. Or, switch to Google Chrome which will ask before Java is executed from unknown sites.
If your computer is ever compromised by Ransomware, do not pay anything to the malware authors. In almost all of the cases paying does not free up your computer anyway. Also remember that neither the Finnish police nor any other Police in the world uses Paysafe, Ucash or any other prepaid billing systems for fines. If any message is demanding your credit card or any other payment method it is most certainly a scam and not legitimate government official.
• Finnish Police advisory
• Finnish Police advisory
• Cert-FI advisory
On 09/03/12 At 01:26 PM
Tags: computer security
, malware remove
, virus remove
Posted in Virus removal tools
Remove Virus, Malware, Trojans - Computer virus Removal tools
Nothing can be worse than a malware infected PC. With its domination on how you browse and an irritating spray of websites that you never opened, malware can make regular browsing experience a nightmare. Not just that, spuriously it might pass on critical information as well.
Thank God for antimalware programmers, browsing gets a little sane with anti malware. It catches such malicious programs, takes them off and revive the same browsing experience.
Computer Malware is a Real Problem
You never know what purpose a malware has been designed with until you catch it. Is it to track your usernames and passwords, to catch your browsing history, or your shopping habits?
Depending on who makes them, the purpose of malware differs; yet collectively they remain a big threat. They operate in disguise and not only risk your personal information but consume processing power and bandwidth as well.
Common Sources of Catching a Malware
If you have been wondering how your PC got infected and why antimalware program become crucial for you, here are some pointers for you:
Malicious sites: If you by mistake landed on sites that looked suspicious, there is a high possibility that you got a malware from there.
Third party packages: If you keep trying unreliable third party software as a habit, chances are you have many malware running on your PC. Most of the malicious marketers club their malware with popular applications. Next time, you install an application, keep the anti-virus program active.
Torrent downloads: While people may not accept, piracy is a common practice and thanks to torrents, malware programmers find a new outlet for spreading their programs. If you have downloaded files through torrents, especially through seeders not known for reliable downloads, you might have downloaded malware without even knowing about it.
If your PC shows sign of being infected by malware, your best bet is to download a reliable anti malware program now and run it to catch the bad boys!
Trust us, further you delay running anti malware programs, worse the situation gets.
Computer Viruses, Malwares, Trojans - Remove
Each year the particular problems via personal computer malware cost US corporations immeasureable dollars. These pricing is with missing efficiency, however everlasting loss in essential organization info. Perhaps, nearly all if not all attacks are avoidable with the appropriate comprehension, education and defense. Do not be another sufferer, take the actions today to make certain safety and recovery in the event the most detrimental need to take place.Initial, let’s realize personal computer malware. Usually the phrase malware is employed to explain all adware and spyware. Technically speaking, there are malware, rootkits, Trojan horses, viruses as well as spy ware. The actual strike approach may differ however they are almost all harmful.A virus is a plan that goes by itself and also illegal copies themselves. It could influence documents or perhaps the trunk field and will delete all your files. The particular “Melissa” and “I Really like You” viruses gained worldwide interest. Any rootkit or even Trojan viruses horse allows use of one’s body without you knowing. Usually they look just like a beneficial software application but in fact they may be again or snare doorways.A pc earthworm is a self-replicating computer program. That utilizes a network to deliver duplicates involving by itself with nodes. After on the method, viruses don’t need to put on an additional software and can run by themselves. Viruses create a rejection of service assault generating the system not used. In general, earthworms focus on the network and infections attack files.