  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    New York, NY, USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Reveton Ransomware - Computer Camera

    Hi, folks

    I'm new to the forum. I just spent some time on a Sunday removing this very scary ransomware from a client's computer.

    http://www.fbi.gov/sandiego/press-re...o-extort-money

    It is not actually difficult to remove, but it has a very unsettling behavior. It uses the camera on your computer to snap a photo. So when it warns that you have pornography and such on your computer, there is a picture of you looking at it.

    This client has a family history that made him especially sensitive to the fact that this purported to come from the FBI. He paid the ransom of $200. Although it was promised that the phony shell would then go away, it did not.

    I suggested that he cover his camera when not using it. I have done the same on my computers. Who knows who is looking? I've also heard rumor of invasions that turn on your microphone. I'm not sure how to prevent that.

    Linda

  3. #2
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,158
    Thanks
    204
    Thanked 209 Times in 201 Posts
    I'd unplug the camera, if it's external. If not, I'd cover the lens. And disable it in Windows.

    Same for the microphone. Put some thick tape over it, plug in a disconnected plug into the microphone jack, and disable it in Windows.

    If you think about it, you really don't need a camera and a microphone on your computer. If you want to talk with someone, pick up the phone and call them.

  4. #3
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,286
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Quote Originally Posted by mrjimphelps View Post
    I'd unplug the camera, if it's external. If not, I'd cover the lens. And disable it in Windows.

    Same for the microphone. Put some thick tape over it, plug in a disconnected plug into the microphone jack, and disable it in Windows.

    If you think about it, you really don't need a camera and a microphone on your computer. If you want to talk with someone, pick up the phone and call them.

    That's just fighting the symptoms, not curing the disease. Getting up-to-date, decent security apps and being careful about your online activities, to avoid downloading these nasties, is really the way to go.

  5. #4
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    I agree with Ruirib, but I have to say that taking a snapshot from the webcam is a real nasty piece of social engineering that would make many unwary people think the report is genuine.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  6. #5
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,158
    Thanks
    204
    Thanked 209 Times in 201 Posts
    I never use the camera and microphone, and that's why I'd unplug / disable them. I'd reconnect them only if I needed them.

    And I agree, Rui, that you should definitely have up-to-date security apps and be careful on-line.

  7. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,286
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Quote Originally Posted by mrjimphelps View Post
    I never use the camera and microphone, and that's why I'd unplug / disable them. I'd reconnect them only if I needed them.

    And I agree, Rui, that you should definitely have up-to-date security apps and be careful on-line.

    These days cameras and microphones are a bit more used. Skype can be cheaper than a regular cell or landline phone call. Guess all new advantages come with a risk too, and user lack of information can be a powerful weapon in the hands of a ransomware creator.

  8. #7
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,444
    Thanks
    128
    Thanked 495 Times in 455 Posts
    I think the very best one can expect of a novice user is the OP's original statement of placing some form of cover over the camera when it is not in direct use. It's absolutely the most non-technical and simplest thing one can do.

    The next best thing would be maintaining updated AV/AM signatures along with an active and running firewall.
    It would also not be a bad idea to really go over whatever programs use the camera and see what they offer in terms of security and hijack
    prevention, since this sort of thing is becoming increasingly more common.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Windows 8.1, 64 bit
    Motherboard: DX58SO2*Chipset: X58 Express/Intel ICH10*BIOS: SOX5820J.86A.0888.2012.0129.2203*Processor: Intel Core i7 CPU X 990
    GPU: Nvidia GTX 580*Memory: Corsair 12 GB, 4x3@1600*PSU: Corsair HX1000*Hard drives: REVO X2 160GB*OCZ VERT X3 120GB*5 mechanical storage drives (12 TB) total.

  9. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    New York, NY, USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sadly, AV software fails to prevent some of these drive-by attacks.

  10. #9
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,158
    Thanks
    204
    Thanked 209 Times in 201 Posts
    Whenever something can be used to monitor ME, I like to be able to easily disable it when I'm not using it, to make sure that that isn't happening.

    I read a story a while back about how the police listened in on a conversation someone had IN THEIR CAR, via their OnStar, without the person knowing that he was being monitored. That's why I'll never have OnStar, because it's hard wired into the car, and there's no easy way to "unplug" it when not in use.

    On the other hand, Radio Shack used to sell a copycat device which was like OnStar, which you had to actually plug in to use. That would be something I would like to have, because it would do what it was supposed to do -- benefit me when I wanted it to, and be completely off when I wanted it to.

  11. #10
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,286
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Quote Originally Posted by lindacjones View Post
    Sadly, AV software fails to prevent some of these drive-by attacks.

    Use a good AV and complement it with other apps that may help. I run a HIPS and an AV. My AV is top rated and does provide a behavior blocker coupled with signature detection. Between the two, no program can run without my permission.
