Downloaded torrent - pay. A new type of fraud

[Адвокат]

Downloaded torrent - pay. A new type of fraud

Just yesterday, I came across an interesting news item.

A new virus began to surf the net, using the good old "social engineering."

The principle of operation is simple as 3 pennies. The Trojan easily penetrates the victim’s computer and searches for the necessary files. What do you think? Exe? Doc? Nope. .torrent. If it detects at least one file, then you get the following picture on the screen:

 

[Адвокат]

Briefly translated: Lyalyalya Poplar, you illegally downloaded content from a pirate site and they say you need to pay for permission and a fine of just $ 400. Even an estimate is attached.
Next are the threats, they say "to violate is not good," "fear God," "but what about civic responsibility." By the way, I want to ask all the time, does anyone at all really know, “What is civil liability?” I never understood this, I did not study it, no one explained it, but I know that in the army and during interrogations, they constantly put pressure on it. Fuck knows what it really is. The main thing everyone knows that this is “Uuuuu”, but when it really comes to the interpretation, then it is different for everyone. Sorry, distracted from the main topic. As usual skidded.

In general, if you are trying to refuse this action, then a warning pops up, saying, "they will sit you down, but you do not steal" © Popanov.

So far, this kind of infection has spread only in the west, since Russian users are likely to send all three letters for the same amount than they will do something and they will obviously suspect something is wrong. And then the "filmmakers" wrote one letter here. Laughed for a long time. Well, how are they trying to rip off money for shit movies from the people by order.

Symptoms of a trojan can be determined by the following:

The left file appears in the directory:% System% \ c_100009.exe

Prescribes itself in the registry in the following sections:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ ESENT \ Process \ ipconfig
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ ESENT \ Process \ ipconfig \ DEBUG
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer \ Run
HKEY_LOCAL_MACHINE \ SOFTWARE \ qrjaslop
HKEY_CURRENT_USER \ Software \ qrjaslop

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ ESENT \ Process \ ipconfig \ DEBUG]
Trace Level = ""
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings]
6 = 7C 21 51 93
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer \ Run]
jbte = "% System% \ c_100009.exe"

so that c_100009.exe runs every time Windows starts

[HKEY_LOCAL_MACHINE \ SOFTWARE \ qrjaslop]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings]
[HKEY_CURRENT_USER \ Software \ qrjaslop]

It also registers in hosts on the local machine:

127.0.0.1 mininova.org
127.0.0.1 https://www.mininova.org
127.0.0.1 thepiratebay.org
127.0.0.1 https://3.mo.mirsudrf.ru/modules.php?nam ... urt & id = 217
127.0.0.1 suprbay.org
127.0.0.1 https://www.suprbay.org
127.0.0.1 forum.mininova.org
127.0.0.1 blog.mininova.org

Thus, intercepting a lot and he is already processing as he needs.

Good luck and safe internet.

PS Kaspersky Anti-Virus already knows about the infection.

Source: https://www.sd-company.su/news/296

 

[Матушкин Андрей Николаевич]

Thank.