Author Topic: A new method to monetize scareware  (Read 8256 times)


March 20, 2009, 06:45:37 am

SysAdMini

Ruining the bad guy's day

March 20, 2009, 07:05:46 pm
Reply #1

SysAdMini

Some hints for making a decrypter:

The last 4 bytes of the file contain the key. XOR each 4 bytes of the file with the key.

http://forums.devshed.com/antivirus-protection-117/filefix-professional-2009t-595267-4.html

Example code:

http://blog.fireeye.com/files/file-2.pl

Online decrypter:

https://filefix.fireeye.com/
Ruining the bad guy's day
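A decrypter built from the hint above, as an added example that is not the FireEye Perl script linked in the post: it splits off the trailing 4-byte key and XORs the rest of the file with it, writing the result to a separate output file so the original is never touched. The handling of a trailing partial word, the file-signature sanity check and the sample data are assumptions and constructed input, not details from the post.

```python
import sys
from pathlib import Path

KEY_LEN = 4  # the post states the key is the last 4 bytes of the file

# Common file signatures, used only as a plausibility check on the output.
# Assumption: the victim file is one of these types; anything else just fails the check.
KNOWN_MAGIC = (b"%PDF", b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"\xff\xd8\xff", b"\x89PNG")


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR each aligned 4-byte word with the key (byte i gets key[i % 4]).
    A trailing partial word gets the matching key prefix; the post does not say
    how the original handles that case, so this is an assumption."""
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(data))


def decrypt_blob(blob: bytes) -> bytes:
    """Split off the trailing 4-byte key and XOR the rest of the file with it."""
    if len(blob) < KEY_LEN:
        raise ValueError("file too short to contain a trailing 4-byte key")
    body, key = blob[:-KEY_LEN], blob[-KEY_LEN:]
    return xor_with_key(body, key)


def encrypt_blob(plaintext: bytes, key: bytes) -> bytes:
    """Inverse transform, used here only to build test input: XOR, then append the key."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be exactly 4 bytes")
    return xor_with_key(plaintext, key) + key


def looks_plausible(recovered: bytes) -> bool:
    """Cheap sanity check: does the recovered data start with a known file signature?"""
    return any(recovered.startswith(magic) for magic in KNOWN_MAGIC)


def decrypt_file(src: str, dst: str) -> bool:
    """Decrypt src into a separate dst (never overwrite the original); report if dst looks valid."""
    recovered = decrypt_blob(Path(src).read_bytes())
    Path(dst).write_bytes(recovered)
    return looks_plausible(recovered)


# Constructed sample, not a real victim file: a fake PDF body and an arbitrary key.
SAMPLE_KEY = b"\x13\x37\xc0\xde"
SAMPLE_PLAINTEXT = b"%PDF-1.4\n% constructed test document body\n"
SAMPLE_ENCRYPTED = encrypt_blob(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print("looks valid:", decrypt_file(sys.argv[1], sys.argv[2]))
```

Run it as `python decrypt.py encrypted.doc recovered.doc`; a `False` result means the output did not start with a known signature and the file should be checked by hand before trusting it.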


March 21, 2009, 11:13:06 pm
Reply #3

MysteryFCM

Nice one bobby :)

I've posted a linky to your post here, over at Malwarebytes :)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

March 22, 2009, 12:47:18 am
Reply #4

bobby

Tool updated twice today.
Some FP fixed, fixed form showing on various DPI settings etc.

March 22, 2009, 04:03:33 am
Reply #5

sowhat-x

Took the courage to also post it over at the comments section in FireEye's blog entry,
so that it is easier for infected people to find it... :)

March 22, 2009, 11:15:32 am
Reply #6

bobby

> Took the courage to also post it over at the comments section in FireEye's blog entry,
> so that it is easier for infected people to find it... :)

Let's hope they will allow links to other sites. I do not believe they would post your comment.

March 22, 2009, 11:24:55 am
Reply #7

SysAdMini

> > Took the courage to also post it over at the comments section in FireEye's blog entry,
> > so that it is easier for infected people to find it... :)
> Let's hope they will allow links to other sites. I do not believe they would post your comment.

No problem. I posted several links to MDL in the past. The links have been published.
Ruining the bad guy's day

March 23, 2009, 07:59:48 am
Reply #8

sowhat-x

It's nice of them that they published the comment... what I originally thought was
that not that many "common" Windows end-users actually have Perl installed on their boxes...

March 24, 2009, 07:06:14 pm
Reply #9

SysAdMini

Ruining the bad guy's day