DailyDirt: Is It Time To Change Your Passwords (Again)?

from the urls-we-dig-up dept

Passwords are an everyday part of life now, but so are stories of millions of people having their login credentials stolen. It's easy to say that everyone should use better passwords, but how many people really want to remember to constantly change their passwords or get a 2-factor authentication call regularly just to check their emails? Sure, there are some systems that make it a bit easier to deal with 2-factor authentication, but the vast majority of users don't want to be bothered with the hassle at all. Here are just a few more security-related links to push you into re-thinking password laziness.

• A password like "MargaretThatcheris110%SEXY" isn't that secure against offline high-speed password cracking. Humans are really bad at making up random passwords, but that's what you need to do to maximize the security of your passwords. So we're back to suggestions like "correct horse battery staple" and other random (and long) passwords. [url]
• If only ransomware used weak passwords to decrypt files, maybe some folks wouldn't be so inconvenienced. But if you're a victim of a ransomware scheme, there's at least one decryption program from Kaspersky Lab that might help you out. [url]
• Windows 10 is going to support biometric logins using face recognition, iris detection and fingerprint scanners. Does anyone think this is really a significant advancement? The challenge of using various biometric systems doesn't seem like a solved problem just yet. [url]

After you've finished checking out those links, take a look at our Daily Deals for cool gadgets and other awesome stuff.

Filed Under: biometrics, face recognition, fingerprints, passwords, ransomware, security, two factor authentication, windows 10
Companies: kaspersky lab, microsoft

PSA: Don't Kill Yourself, Literally, Over BS Ransomware

from the tragic-lies dept

We've talked about ransomware in the past, the process by which criminals pose as either rights holders or law enforcement to convince people that they must pay large sums of money for transgressions in order to avoid serious jail time. Copyright infringers have frequently been targets of these kinds of lies and, more recently, NSA-themed ransomware has begun to appear. While the more savvy internet user may realize that these threats are great big steaming piles of crap that can be cleansed with an antivirus program, more naive folks can understandably have the hell scared out of them and find themselves devulging credit card information.

But we've reached a new level of tragedy when it comes to this kind of criminal endeavor, with one Romanian man reacting to ransomware in the extreme, killing himself and his young son as a result of his machine's infection.

The report of the tragic incident comes from the small Romanian commune of Movila Miresii which is made up of three small villages and located in Brăila County in the east of the country. Local paper Braila24 reports that Marcel Datcu, 36, hanged himself in the living room of his home along with his four-year-old son Nicusor. The report claims a suicide note left to his wife explained that the reason for taking his own life was:

"I received a warning [on my computer] that said I have to pay 70.000 lei [£13,000] or go to prison for 11 years."

Just so we're clear, there is obviously something else going on with this man other than his simply receiving a ransomware infection. To kill yourself is horrific enough, but to take the life of a young child over any amount of money or years in jail is tragic on a level that defies scale. I imagine there is likely a serious mental health issue at hand here, otherwise I'm completely at a loss.

With that said, nobody should pretend for a moment that the acts of malware distributors should be completely absolved in this case. The impersonation of law enforcement and threats of jail time deserve reprecussions on their own, but to have contributed to the mental breakdown of this man, which tangentially contributed to a suicide and a murder, must not go unnoticed. Many of us wave these kinds of attacks off as the cost of doing business when it comes to internet browsing. That isn't enough.

Instead, serious educational efforts should be taken on to inform the public of these kinds of threats. The silence from those that "legitimately" engage in these threats (law enforcement, copyright trolls, etc.) is deafening. Were they smart, they'd be out in front of this story, letting everyone know that they would never engage in such malware infection as a threat tactic. Unfortunately for them, so many stories of their underhanded actions have come out that I'm not entirely sure how many people would trust them.

Still, people need to know the farce that this kind of malware is, lest we let similar tragedies like this one continue to occur.

Filed Under: overreaction, ransomware

And Here Comes The NSA-Themed Ransomware

from the featuring-scary-logos,-acronyms-and-third-party-money-services dept

It was only a matter of time before this happened. The latest government agency to have its name and logo splashed across some clumsy ransomware is none other than everyone's least favorite intelligence agency, the NSA. This ransomware specifically mentions the NSA's preferred web data harvester and interceptor, PRISM, in its shake down of users who snag the triplines of malware-infested websites. (via)

While many individuals are concerned about privacy in light of PRISM, some malicious actors are using the program to scare naive users into installing ransomware. Since August 23rd, we have seen about 20 domains that carry FakeAV and Ransomware. These websites seem to have been hijacked. They are all hosting the malicious content over port 972 and use similar URL patterns. Here are a couple examples:

kringpad.websiteanddomainauctions.com:972/lesser-assess_away-van.txt?e=20
miesurheilijaaantidiabetic.conferencesiq.com:972/realism_relinquish-umbrella-gasp.txt?e=21
squamipi.worldcupbasketball.net:972/duty_therefore.txt?e=21

The malicious files seem to be changing. It started with the classic FakeAV, then switched to a fake PRISM warning. In both cases, the goal is to scare the target into paying the attacker to "fix" their computer.

Preying on vague, unverifiable fears is what ransomware specialists do best. These particular criminals started out by pushing Fake AV [not its real name], which would return "reports" stating the unfortunate user's computer was literally overrun with viruses. In exchange for perfectly good money, the software would rid itself of problems the user never had while inserting other malware and spybots.

But nothing makes money like topical fears, especially for users who are only slightly aware of the NSA scandal and have picked up just enough knowledge to be dangerous… to themselves. A quick read of the ransomware screen should alleviate the fears of anyone halfway familiar with nefarious web tactics, but the uninitiated may be scared enough to just start throwing money at the screen.

In addition to throwing as many official logos as it can at the user, the lockscreen also dumps a large number of scary looking (and eerily misspelled) words onto the screen for good measure. If the misspellings don't tip the user off, chances are they won't question why the government would essentially take a lowball bribe of $300 rather than prosecute them and pursue a "mandatory term of imprisonment for 6 month to 10 years [all sic]" and a $250,000 fine.

This will presumably be an effective tactic even if the NSA is no longer considered newsworthy by the mainstream media. Users who are cowed by a handful of logos probably aren't going to be tuned into the nuances of these various federal agencies. But the point that should be driven home to every user is that no federal agency is going to allow you to buy your way out of a serious criminal charge and very definitely won't be collecting fines through third-party services.

Filed Under: nsa, prism, ransomware, scams

New Ransomware Targets Porn Pirates, Makes Copyright Threats

from the hey-that's-a-good-idea dept

Ransomware viruses that hijack a a user's computer and demand payment for snake-oil anti-virus software are nothing new, but there's a new twist on it in Japan. A new virus targets people downloading hentai (an explicit form of anime cartoons) from P2P networks, and poses as an installation screen for a game that asks for users' personal info. Once this is entered, it starts taking screengrabs of users' web activity, which it posts online under their name, and asks for payment of 1500 yen (about $16) to "settle your violation of copyright law" and take down the page. There's a similar scam running in Europe, says a security firm, in which a virus scans a computer's hard drive, and regardless of what it finds, demands payment of $400 for a "pretrial settlement" of copyright infringement claims. Essentially these scams are just online versions of what firms like Digiprotect, ACS:Law and Davenport Lyons do through the mail -- send out thousands of letters demanding people pay up for supposedly downloading copyrighted content. That scheme (which manages to ensnare plenty of innocent users) is quite profitable for the firms that run it -- so it shouldn't be too surprising to see malware scammers move in. It's an interesting question, though: really, what's the fundamental difference between what the malware peddlers and these supposedly legitimate companies are doing?

Filed Under: copyright, porn, ransomware