Forums » Your Data, Held Hostage » USB drive


Jason Levine
Premium
join:2001-07-13
USA


1 edit
reply to wifi4milez
Re: USB drive

Exactly. If anything, this is a dumb criminal scheme.

First of all, they have an e-mail address (removed for purposes of the screenshot, but I'm sure it's fully visible in the "live" version). This is apparently a box that's being checked by the extortionists in some way, shape, or form. (Otherwise, how would they arrange for those $200 payments?) There's got to be a way to track who's accessed that account and from where.

In addition, it relies on redirecting users to a website to download the trojan. Find out who set up that website and you've found your scammer (or at least one of them).

Failing that, the authorities could e-mail the address pretending to be a user whose data files were locked out. (For additional authenticity, they could intentionally infect a sacrificial box that didn't have anything important on it.) Once contact is made, payment arrangements can be set up and the criminals tracked down.

This guy (group?) has left many ways to track them down. I wouldn't be surprised to hear of an arrest in this case in the not too distant future. (Law enforcement can take its time in order to get things right sometimes, so that might slow down the actual arrest announcement somewhat.)

EDIT: The Websense article reveals that the payment method is an e-Gold account. This should be very easy to trace. In addition, the whole thing should be easy to take offline. Take down the website hosting the trojan and shut down the e-Gold account. (Sure, the scammers will release another version that connects to a different website and e-Gold account, but it'll take them offline for a while.)

--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/


Jerm

join:2000-04-10
Richland, WA

Just FWIW...

The websites aren't hosted on actual servers like you and I are used to: The websites that download the trojans to the PC are actually hosted on infected zombie machines - i.e. cable modem, DSL, and other various broadband connection hacked machines.

Want to read more about zombie attacks? Great read here:
»grc.com/dos/grcdos.htm