Jerm
join:2000-04-10
Richland, WA
| reply to Jason Levine
Just FWIW...
The websites aren't hosted on actual servers like you and I are used to: The website that downloads the trojans to the PC are actually hosted on infected zombie machines - ie cable modem, DSL, and other various broadband connection hacked machines.
Want to read more about zombie attacks? Great read here:
»grc.com/dos/grcdos.htm |
|
Jason Levine
Premium
join:2001-07-13
USA | reply to wilburyan
Re: USB drive
Nope, it's an e-Gold account. I'm guessing the Feds have either already had the account frozen or are keeping it running at the moment just to track who's logging into it. |
|
Jason Levine
Premium
join:2001-07-13
USA
1 edit | reply to wifi4milez
Exactly. If anything, this is a dumb criminal scheme.
First of all, they have an e-mail address (removed for purposes of the screenshot, but I'm sure it's fully visible in the "live" version). This is apparently a box that's being checked by the extortionists in some way, shape, or form. (Otherwise, how would they arrange for those $200 payments?) There's got to be a way to track who's accessed that account and from where.
In addition, it relies on redirecting users to a website to download the trojan. Find out who set up that website and you've found your scammer (or at least one of them).
Failing that, the authorities could e-mail the address pretending to be a user whose data files were locked out. (For additional authenticity, they could intentionally infect a sacrificial box that didn't have anything important on it.) Once contact is made, payment arrangements can be set up and the criminals tracked down.
This guy (group?) has left many ways to track them down. I wouldn't be surprised to hear of an arrest in this case in the not too distant future. (Law enforcement can take it's time in order to get things right sometimes, so that might slow down the actual arrest announcement somewhat.)
EDIT: The Websense article reveals that the payment method is an e-Gold account. This should be very easy to trace. In addition, the whole thing should be easy to take offline. Take down the website hosting the trojan and shut down the e-Gold account. (Sure, the scammers will release another version that connects to a different website and e-Gold account, but it'll take them offline for awhile.)
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ |
|
wilburyan
join:2002-08-01 | reply to wifi4milez
Not if it's a Westurn Union Money order... a con artist's best friend  |
|
wifi4milez
Big Russ, 1918 to 2008. Rest in Peace
join:2004-08-07
New York, NY
 ·Verizon FIOS
 ·Sprint Mobile Broa..
 ·RoadRunner Cable
 ·BroadVoice
| reply to Liontaur
Cant they just track where you send the money and have the local authorities arrest the criminals when they come to pick up the cash? Clearly the criminals are not in the US, but extortion MUST be illegal in 99% of the countries in the world. Unless of course the local authorities (or govt) are in on the scheme......
--
I like dogs, guns, and cheeseburgers. Whats your malfunction? |
|
Ender_W
Does Microsoft Mean Small And Squishy?
join:2002-09-14
Saint Louis, MO | reply to nivago
They will be at the same risk if plugged in. |
|
Liontaur
Lets Get Boincing Already
Premium,MVM,ExMod 2004-06
join:2001-11-03
Salmon Arm, BC
clubs:   
| reply to nivago
quote:
This website hosts the application that encodes files on the user's local hard disk and on any mapped drives on the machine.
Looks like any drives that are mapped could be affected. Very sneaky.
--
Are you ready to start BOINCing? Read my blog |
|
nivago
Think For Yourself
join:2000-11-16
Little Rock, AR | Would it be safer to store personal files on a removable drive? Or is it also vulnerable to infection when you plug it in? |
|
