[CLOSED] This just in via Server but not in Panda Search: FYI
After Monday's Malware/Fed fizzle, I hesitate to post warnings on FB. Anyone hear of what's below? It was just sent to me in a Charter newsletter. (Charter: TV, computer, et al.)
Security Matters: The Police Trojan
A new virus commonly known as the "Police Trojan" has been infecting computers across Europe and has found its way to our shores [3]. Becoming familiar with this scam may help you avoid becoming a victim!
What is the Police Trojan?
The Police Trojan is a new kind of malware known as "ransomware". Ransomware does exactly what it suggests; it takes your computer hostage and demands payment to get it back. The Police Trojan is more sophisticated than other ransomware as it can localize and modify itself to display in the victim's language and with the correct geographic law enforcement agency [1].
What does it do?
Once downloaded, the Police Trojan reaches out to a server for instructions, specifically asking if your location falls into its list of targets. If it receives the go-ahead, it will lock down your computer. Then, the virus displays a message with images corresponding to where you are located. Next, the Trojan lists a number of alleged illegal materials and activities that your computer has been accused of obtaining [1]. Then it asks for payments and waits for you to pay, typically suggesting payment methods that cannot be reversed and are difficult to trace [2]. However, paying is not a guarantee that you will regain control.
How is this virus transferred?
There are a few ways that this virus can be transferred. Experts suspect that the most prevalent way is through certain vulnerabilities in versions of Adobe Reader, Flash Player, Java and Windows that have not been updated [2]. These unpatched versions allow for "drive-by" downloads, meaning downloads that occur without your knowledge. Other ways that it can be transferred are through a link in an email, a pop-up window, or a compromised site.
What can I do?
Most importantly, carefully assess the situation if you receive a demand for payment. It may be a scam, and there are ways to deal with it without giving in to the demands of the cyber-criminals.
To help prevent issues like this, consider following the suggestions below:
- Install a comprehensive antivirus program on all computers within your home – even the computers that do not get used very often. Be sure you keep the program up-to-date with the latest virus definitions and run regular virus scans.
- Install and run a firewall.
- Keep your Operating System (OS) and installed programs up-to-date with the latest patches. Better yet, set your OS to install updates automatically.
The best way to resolve this situation is to remove the virus. If you are unable to do so yourself, please seek an experienced IT professional to help you safely clean your computer. It is always a good idea to back up your system before this happens. This will give you or the IT professional the ability to take your files back to a time before you were infected.
If you are lacking complete protection for your computer, consider downloading the Charter Security Suite®. Available for both Mac® and Windows® PC, the Charter Security Suite® includes a variety of tools to help keep you safe while online. You can install the Charter Security Suite® on up to three computers within your home and it's included at no additional cost to Charter Internet® Express, Plus, Max, and Ultra customers. Visit charter.com/securitysuite to learn more.
Sources:
1. David Sancho and Feike Hacquebord (2012), Trend Micro Research Paper, The "Police Trojan" An In-Depth Analysis
2. Lucian Constantin (2011, Dec 20), New Ransomware Displays Bogus Police Alerts, Requests Payment of a Fine
3. Lucian Constantin (2012, May 09), Police-themed ransomware starts targeting US and Canadian users
Last edited by VirusBuster on Tue, 21 Aug 2012, 09:06, edited 2 times in total.
Reason: Changed topic type to Normal
- VirusBuster

- Posts: 1602
- Joined: Mon, 02 Apr 2012, 17:53
- Location: Panda HQ - Bilbao
Re: This just in via Server but not in Panda Search: FYI
For disabling this kind of malware you can use our Panda Rescue Disk.
You can find it in the Disinfection tools subforum.
Bear in mind that it will disable every application loaded at Windows startup from the registry, so you may need to reinstall the applications loaded at startup.
Once it's disabled, run a scan with your antivirus.
Regards,
Jorge Torre
TechSupport Department, Panda Security
Retail & Malware Team
I don't reply to private messages unless I have previously requested them
- VirusBuster

- Posts: 1602
- Joined: Mon, 02 Apr 2012, 17:53
- Location: Panda HQ - Bilbao
Re: This just in via Server but not in Panda Search: FYI
Closed due to lack of response
TOPIC CLOSED
Regards,
Jorge Torre
TechSupport Department, Panda Security
Retail & Malware Team
I don't reply to private messages unless I have previously requested them