General Discussions

Has Anyone Heard of This Problem?
  • linesma posted on Mar 15, 2015 8:42:52 AM
    While perusing the BBC News website the other day, I ran across an article about a ransomware affecting gamers. Has anyone heard about this? Here is a link to the news story. Link What are your thoughts about it?
    And those who were seen dancing were thought to be insane by those who could not hear the music. - Friedrich Nietzsche
  • DABhand posted on Mar 15, 2015 9:25:25 AM
    I think a few new sites that offer torrents and Direct Downloads were using a loader to get stuff, but they weren't really and all it did was install malware and of course some root accessing apps that looked for the most popular .exe files and barred access to it.

    If you are in the know you can amend privileges and get access again, but the app is constantly running multiple times and is constantly changing them back.

    From the information I know, it calls home when connected to the net, and will record any keystrokes you make also.

    Basically it comes down to people's greed and that is why they get infected with it.

    I know it says it crypts saves, but from what I have heard .exe files also.

    [Edited by DABhand, 3/15/2015 9:27:04 AM]
    Oh and Don't forget some tuts on ASM and defeating DMA

    Clicky Here for them
  • Jaks posted on Mar 15, 2015 9:33:58 AM

    The article says the user will only get an unlock key after paying a ransom of at least $500 (£340) in Bitcoins.

    Ironically enough, I saw where the Bitcoin phenomenon is over with now, ever since several million were discovered missing.

    People have more fun than anybody.

    Keep your Fighting clean and your Sex dirty.
  • Neo7 posted on Mar 15, 2015 11:40:59 AM
    It is a real thing and it appears to target game saves of popular games rather than all other files (may change or be incorrect though, not 100% on that). It appears to use the Angular Exploit Kit which is a web based attack. McAfee did a good write-up on the exploit vector if you're interested in how the infection portion works: Link (PDF File)

    The actual payload itself is a standard encryption and demand payment of $1000 USD or 500 Bt Coins for a "promise" of the decryption key.


    I can't really see many people paying the ransom though (probably why the price is very high). I know some people will be mad over losing a save but I don't see many people valuing them at $1000+

    [Edited by Neo7, 3/15/2015 11:48:49 AM]
    Your bitterness, I will dispel
  • DABhand posted on Mar 15, 2015 1:35:21 PM
    Most AAA games have synced saves on a server also.
  • ServiusTheBear posted on Mar 15, 2015 3:35:20 PM
    O.o wtf is all I can say to this, and do they really think someone is going to pay? If these damn security firms know, they should be finding a way to stop this or at least having the dang AVs stop it from even getting in!
    CH Moderator From 16.12.2018 to 24.12.2021
    Active Community Helper from 25.12.2021
    My Site - www.serviusthebear.webs.com
  • linesma posted on Mar 15, 2015 11:19:45 PM
    quote:
    originally posted by Neo7

    It is a real thing and it appears to target game saves of popular games rather than all other files (may change or be incorrect though, not 100% on that). It appears to use the Angular Exploit Kit which is a web based attack. McAfee did a good write-up on the exploit vector if you're interested in how the infection portion works: Link (PDF File)

    The actual payload itself is a standard encryption and demand payment of $1000 USD or 500 Bt Coins for a "promise" of the decryption key.


    I can't really see many people paying the ransom though (probably why the price is very high). I know some people will be mad over losing a save but I don't see many people valuing them at $1000+

    [Edited by Neo7, 3/15/2015 11:48:49 AM]

    So from reading the attached link, if I use a script blocker on my browser (Adblock plus), ensure everything is up to date (OS and AV), and use good internet practices, I should be okay?
  • DaCrazyBeggar posted on Mar 22, 2015 9:42:15 PM
    quote:
    originally posted by linesma

    quote:
    originally posted by Neo7

    It is a real thing and it appears to target game saves of popular games rather than all other files (may change or be incorrect though, not 100% on that). It appears to use the Angular Exploit Kit which is a web based attack. McAfee did a good write-up on the exploit vector if you're interested in how the infection portion works: Link (PDF File)

    The actual payload itself is a standard encryption and demand payment of $1000 USD or 500 Bt Coins for a "promise" of the decryption key.


    I can't really see many people paying the ransom though (probably why the price is very high). I know some people will be mad over losing a save but I don't see many people valuing them at $1000+

    [Edited by Neo7, 3/15/2015 11:48:49 AM]

    So from reading the attached link, if I use a script blocker on my browser (Adblock plus), ensure everything is up to date (OS and AV), and use good internet practices, I should be okay?

    Pretty much, especially the "good internet practices" part. Most importantly, keep Brain.exe constantly updated to the newest version. It's the best security measure you have, especially when handling files on the Internet.

All times are (GMT -06:00) Central Time (US & Canada).