All Entries Tagged With: "malware"

The Ransomware Which Looks for Games: TeslaCrypt

TeslaCrypt is a ransomware family, more precisely a cryptovirus, that was built to target computers with particular games installed. It is classified as a Trojan horse, and Windows was the operating system affected most. Once it infects a computer it searches for 185 file extensions belonging to about 40 games, including the Call of Duty series, World of Warcraft and World of Tanks, and encrypts every file it finds. Saved games are the main target, but player profiles, custom maps and game mods stored on the victim's hard drive are encrypted as well. To unlock all of those files the victim is prompted to pay a ransom of $500 in exchange for the key that decrypts them.

Although it resembles CryptoLocker, TeslaCrypt shares no code with it. It infects computers through the Angler exploit kit, using an Adobe Flash exploit. TeslaCrypt claims to use asymmetric encryption to lock the victim's files, but researchers from Cisco's Talos group found that it actually uses symmetric encryption, so the key that locked the files is also the key that unlocks them. Most infections are on Windows systems. The researchers are now analysing the program to work out how a victim can use that same master key to unlock the files. There are many versions of TeslaCrypt, but the key is known to be left on the infected system in only two of them:

  • In one version the infected system stores the encryption key in a file named key.dat.
  • A later version, which deletes files once it has finished encrypting them, uses a different key, stored in RECOVERY_KEY.TXT.

The malicious program uses the symmetric AES algorithm, in which a single key both locks and unlocks the files. The researchers are developing a tool that lets a victim decrypt files once they have been locked. Victims should save a copy of the encrypted files before unlocking them, and again before typing in the master key. This malware is particularly dangerous for people who love games: playing games is harmless, but always check the site you download them from. The researchers are still working to recover more keys so that users are not left stuck. Meanwhile, the attackers are gradually increasing the amount demanded to unlock the files.

The researchers have recently said they are working on the algorithm the attackers use to lock users' files. The people behind this are dangerous: they can lock any file, and unlocking it costs the user a high price, which some are willing to pay and some are not. If the researchers succeed, a locked file will no longer be a lost file, because the master key can be handed to each user whose files have been locked, and that user can unlock the files, games and much more. As noted above, TeslaCrypt claims that its asymmetric encryption is based entirely on RSA public keys. If that claim were true, the key found on the victim's machine would be useless and only the attacker's private key could unlock anything. Because the malware actually uses a symmetric key stored on the infected system, that stored key can be given back to each user whose files, games and everything else have been locked.
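The following script, an added example that is not part of the original post and not TeslaCrypt's own code, simulates the point made above: a locker that encrypts game files with a symmetric key and leaves that key on the infected system in key.dat (or, in the later version, RECOVERY_KEY.TXT) can be undone by a decryptor that simply reads the key back, whereas a genuine RSA scheme would leave nothing on the machine to read. Assumptions: a keyed HMAC-SHA256 counter-mode keystream stands in for AES so the script needs only the Python standard library; the target extensions, the victim's files and the key-file contents are constructed for the demo (the real malware's file formats differ).

```python
"""Why a symmetric-key locker that leaves its key on disk is recoverable.

Added example, not from the original post and not TeslaCrypt's code.
Assumptions: HMAC-SHA256 in counter mode stands in for AES (keeps the
script dependency-free); extensions, victim files and key-file layout are
constructed for the demo and do not match the real malware's formats.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed subset of game-file extensions (the real list has 185 entries).
TARGET_EXTS = {".sav", ".profile", ".map", ".mod"}

# Key-file names the post mentions, in the order the locker versions used them.
KEY_FILES = ("key.dat", "RECOVERY_KEY.TXT")


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a counter-mode keystream derived from (key, nonce).
    Symmetric: the same call encrypts and decrypts. Stand-in for AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def lock_files(files: Dict[str, bytes], key: bytes, key_file: str = "key.dat") -> Dict[str, bytes]:
    """Simulated locker: replace every targeted file with nonce || ciphertext
    and drop the symmetric key on 'disk' under key_file, as the real versions did."""
    disk = dict(files)
    for name, content in files.items():
        if os.path.splitext(name)[1].lower() in TARGET_EXTS:
            nonce = os.urandom(16)
            disk[name] = nonce + keystream_xor(key, nonce, content)
    disk[key_file] = key
    return disk


def find_key_file(disk: Dict[str, bytes]) -> Optional[str]:
    """First check a responder runs: is the locker's key still on the machine?"""
    for name in KEY_FILES:
        if name in disk:
            return name
    return None


def recover_files(disk: Dict[str, bytes]) -> Dict[str, bytes]:
    """Simulated decryptor: read the key the locker left behind and undo the
    encryption. Raises if no key file survives, which is exactly the position
    a real RSA-based scheme (private key held only by the attacker) leaves."""
    key_file = find_key_file(disk)
    if key_file is None:
        raise FileNotFoundError("no key.dat or RECOVERY_KEY.TXT: key is not on this system")
    key = disk[key_file]
    recovered = {}
    for name, content in disk.items():
        if name in KEY_FILES:
            continue  # the dropped key file is not a victim file
        if os.path.splitext(name)[1].lower() in TARGET_EXTS:
            nonce, ciphertext = content[:16], content[16:]
            recovered[name] = keystream_xor(key, nonce, ciphertext)
        else:
            recovered[name] = content
    return recovered


# Constructed victim files for the demo.
VICTIM_FILES = {
    "campaign.sav": b"mission=7;health=83",
    "player.profile": b"name=guest;rank=12",
    "custom_arena.map": b"MAP\x00\x01tiles...",
    "readme.txt": b"not a game file",
}


def demo() -> bool:
    """Lock the constructed files with a random key, then recover them from key.dat."""
    key = os.urandom(32)
    disk = lock_files(VICTIM_FILES, key)
    assert disk["campaign.sav"] != VICTIM_FILES["campaign.sav"]  # really changed
    return recover_files(disk) == VICTIM_FILES


if __name__ == "__main__":
    print("all files recovered:", demo())
```

Back up the encrypted files and the key file before trying any decryptor on a real infection, as the post advises: a decryptor that guesses the wrong format can corrupt both.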

How to Remove the Bom Sabado Worm in Orkut

Are you infected with “Bom Sabado” ?

Bom Sabado is an XSS (cross-site scripting) worm that floods your Orkut scrapbook with “Bom Sabado” scraps.

The phrase “Bom Sabado” means “Good Saturday” in Portuguese, which is also the official language of Brazil, one of the last remaining Orkut strongholds in the world. XSS attacks have targeted Orkut before.

Steps to remove Bom Sabado from your Orkut account.

There is no need to change your account details or delete your account, as the worm does not steal them. You only need to block it.

1. Install the Mozilla Firefox add-on Adblock Plus. Download it from here.

2. After the browser restarts, click the ABP button on the toolbar and select Preferences.

3. Click Add filter and enter *tptoos.org/* .

Now you can safely log in to Orkut and undo the changes made by the worm.
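Before relying on the filter from step 3, it is worth checking exactly which requests it blocks. The script below is an added example, not part of the original post and not Adblock Plus code: a minimal re-implementation of ABP's basic filter syntax (the * wildcard, the ^ separator, | anchors and the || domain anchor) so a filter can be tested against sample URLs offline. Only the tptoos.org host comes from the post; the sample URLs are constructed for the demo.

```python
"""Test what an Adblock Plus filter such as *tptoos.org/* will block.

Added example, not from the original post and not Adblock Plus code.
Assumptions: only ABP's basic filter syntax is implemented (no $options,
no element hiding); sample URLs are constructed for the demo.
"""
import re
from typing import Dict, Iterable

# ABP separator: anything except a letter, digit, or one of _ - . %
SEPARATOR = r"(?:[^\w\-.%]|$)"

# The filter from step 3 of the post.
WORM_FILTER = "*tptoos.org/*"

# Constructed sample requests: worm payload hosts and legitimate Orkut pages.
SAMPLE_URLS = [
    "http://tptoos.org/worm.js",
    "https://cdn.tptoos.org/payload/a.js",
    "http://tptoos.org",
    "http://www.orkut.com/Scrapbook.aspx",
    "http://tptoos.org.example.com/decoy.js",
]


def abp_filter_to_regex(filter_text: str) -> "re.Pattern":
    """Translate a basic ABP filter into a regular expression."""
    if filter_text.startswith("||"):
        # Domain anchor: match at the start of the host or any subdomain.
        prefix = r"^[\w\-]+://+(?!/)(?:[^/]+\.)?"
        body = filter_text[2:]
    elif filter_text.startswith("|"):
        prefix = "^"
        body = filter_text[1:]
    else:
        prefix = ""  # a plain filter matches anywhere in the URL
        body = filter_text
    suffix = ""
    if body.endswith("|"):
        suffix = "$"
        body = body[:-1]
    parts = []
    for ch in body:
        if ch == "*":
            parts.append(".*")
        elif ch == "^":
            parts.append(SEPARATOR)
        else:
            parts.append(re.escape(ch))
    return re.compile(prefix + "".join(parts) + suffix, re.IGNORECASE)


def blocked(url: str, filters: Iterable[str]) -> bool:
    """True if any filter in the list matches the URL."""
    return any(abp_filter_to_regex(f).search(url) for f in filters)


def filter_report(filters: Iterable[str], urls: Iterable[str]) -> Dict[str, bool]:
    """Map each URL to whether the filter set blocks it."""
    filters = list(filters)
    return {url: blocked(url, filters) for url in urls}


if __name__ == "__main__":
    for url, hit in filter_report([WORM_FILTER], SAMPLE_URLS).items():
        print("BLOCK " if hit else "allow ", url)
```

The report shows the one gap in the post's filter: *tptoos.org/* needs a slash after the host, so a bare request for http://tptoos.org slips through, while the domain-anchored form ||tptoos.org^ catches the host and its subdomains and still leaves tptoos.org.example.com alone. Either way, orkut.com itself is never blocked, which is what makes the workaround safe to leave in place.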