Well, it had to happen, of course. No sooner have IT users been severely spooked by the GOzeuS and Cryptolocker than the hacking community is stalking them some more, trying to exploit their understandable doubts and fears.
According to Alex Balan, Head of Product Management at BullGuard, the threat comes in for form of a massive phishing spree based around a spam email campaign, discovered by BullGuard, that offers decryption keys for Cryptolocker.
The email says a ‘tool’ can be downloaded that it claims will unlock any files encrypted by Cryptolocker. However, the so called decryption tool is in fact malware. Cryptolocker encryption is so tough that even some of the world’s most powerful computers can’t crack its code, much less a spurious tool sent in an email.
If somebody downloads the ‘tool’ a registry cleaner is installed in the computer which then falsely tells the user they have lots of registry problems. And of course, the only way these so-called ‘problems’ can be remedied is by buying the product the scammers are offering. This, according to Balan, is clearly an attempt to exploit the news coverage of both Cryptolocker and GameOver Zeus.
It plays on people’s fears that their computers will become infected by this malware. However, it’s simply an unprincipled bid to get people to pay for and download something that is not required and which could actually cause damage.
Raluca Stanciu, malware researcher, BullGuard, who identified the phishing campaign said: “Cyber criminals have been quick off the mark following the widespread media coverage around Cryptolocker and GameOver Zeus.
“They’re trying to exploit fear and uncertainty. As a rule, unsolicited emails like this should be ignored. But that said, we can expect to see more similar-themed emails in the coming weeks.
“Malware creators and hackers will piggyback on all sorts of events in an attempt to infect people’s computers and steal their personal details such as credit card numbers. This sort of information is currency and every day it is traded on the deep web, with details being bought and sold to carry out fraud.”