
posted by CoolHand on Tuesday August 16 2016, @04:28PM   Printer-friendly
from the vigilante dept.

Some may have heard of scambaiting spammers to waste their time and resources. There are many sites like 419eater which concentrate on it. However, Arthur T Knackerbracket has found the following story which takes things a step further. A French security researcher says he managed to turn the tables on a cyber-scammer by sending him malware. Whether or not that is ethical is left as an exercise for the readership.

But Ivan Kwiatkowski played along with the scheme until he was asked to send credit card details. He instead sent an attachment containing ransomware.

[...] When Mr Kwiatkowski's parents stumbled across one such website, he decided to telephone the company and pretend he had been fooled.

The "assistant" on the telephone tried to bamboozle him with technical jargon and encouraged him to buy a "tech protection subscription" costing 300 euros (£260).

Mr Kwiatkowski told the assistant that he could not see his credit card details clearly and offered to send a photograph of the information.

But he instead sent a copy of Locky ransomware disguised as a compressed photograph, which the assistant said he had opened.

"He says nothing for a short while, and then... 'I tried opening your photo, nothing happens.' I do my best not to burst out laughing," Mr Kwiatkowski wrote in his blog.

[...] Mr Kwiatkowski said he could not be absolutely certain whether the ransomware had infected the scammer's computer, but there was a fair chance it had.

"He did not let on that something had happened to his computer, so my attempt is best represented as an unconfirmed kill," said Mr Kwiatkowski.

"But encrypting a whole file system does take some time."

He acknowledged that some people may have found his retaliation unethical, but said responses had been "mostly positive".


  • (Score: 5, Touché) by bob_super on Tuesday August 16 2016, @05:48PM

    by bob_super (1357) on Tuesday August 16 2016, @05:48PM (#388750)

    Sent it to you by mail a second ago. Just open the .exe attachment.

  • (Score: 2) by wonkey_monkey on Tuesday August 16 2016, @06:11PM

    by wonkey_monkey (279) on Tuesday August 16 2016, @06:11PM (#388762) Homepage

    Amateur. Should've made it a .gif.pif

    --
    systemd is Roko's Basilisk
    • (Score: 5, Insightful) by bob_super on Tuesday August 16 2016, @06:19PM

      by bob_super (1357) on Tuesday August 16 2016, @06:19PM (#388766)

      .jgp.bat

      I can't understand why "hide extension for known file types" is still the default in Windows after all those years.
      I know they want to dumbify their UI as much as possible, keep the oft-abused "trust the system to use that file for you, you don't need to know", really?

      • (Score: 5, Informative) by DannyB on Tuesday August 16 2016, @06:27PM

        by DannyB (5839) Subscriber Badge on Tuesday August 16 2016, @06:27PM (#388773) Journal

        It's Mac envy. The classic Mac, back in the day, the Mac that Microsoft was trying so hard to copy, didn't have any file extensions. None. Not even hidden file extensions.

        Files had two additional directory attributes. (You know, files have a name, permissions bits, last used date, etc.) Mac files also had two fields called Type and Creator. If the type was 'application', then the file was executable. Otherwise, the type and creator together determined what application to launch and how the data in that file was interpreted.

        The best Microsoft could do is to hide the file extensions.

        But then, Windows also had this silly idea of 'drive letters', and Mac never had that either.

        It is ironic that modern Mac OS X has gone back to file extensions, when what they had back in the day was so much better.

        --
        People today are educated enough to repeat what they are taught but not to question what they are taught.
        • (Score: 4, Informative) by wonkey_monkey on Tuesday August 16 2016, @06:51PM

          by wonkey_monkey (279) on Tuesday August 16 2016, @06:51PM (#388786) Homepage

          Extensions are a very simple way of differentiating one file type from another. They're extremely portable, too. Aside from the content, a filename is really the only required - and universal - attribute of a file (there may be some esoteric file systems which don't use filenames, of course). So it's the obvious place to put the filetype. Dates and permissions tend not to have any real influence on what is done with the file itself.

          Putting it in the filename also makes it extremely easy to change. Hiding extensions, I agree, was not a great move, but it did stop people buggering them up by mistake.

          RISC OS had a filetype attribute as well, but it was a hexadecimal code ranging from 000-FFF. Probably seemed like a lot back in the day. All I remember off the top of my head is that ff9 was for Sprite files.

          --
          systemd is Roko's Basilisk
          • (Score: 0) by Anonymous Coward on Tuesday August 16 2016, @06:58PM

            by Anonymous Coward on Tuesday August 16 2016, @06:58PM (#388793)

            > All I remember off the top of my head is that ff9 was for Sprite files.

            And to think that the graphics of FF9 was polygon based, not sprite based.

            • (Score: 0) by Anonymous Coward on Wednesday August 17 2016, @04:52PM

              by Anonymous Coward on Wednesday August 17 2016, @04:52PM (#389183)

              The PlayStation 1 could not do plain sprites. So what games like FF9 did was create a flat polygon and texture it with the 'desired' sprite.

          • (Score: 2, Insightful) by Anonymous Coward on Tuesday August 16 2016, @07:45PM

            by Anonymous Coward on Tuesday August 16 2016, @07:45PM (#388808)

            Extensions are a very *simple-minded* way of differentiating one file type from another. FTFY. The name of a file, including extensions, in no way guarantees the type of file. Extensions cannot be used to differentiate one file type from another. Trying to do that is what got us into this mess.

            • (Score: 0) by Anonymous Coward on Tuesday August 16 2016, @09:06PM

              by Anonymous Coward on Tuesday August 16 2016, @09:06PM (#388831)

              Telling file types apart is one of the hard problems in computing. There is no simple (or even complex) way to tell file types apart that cannot be gamed by bad actors. Although, if you think you have a solution, I'm sure someone will tell you what is wrong with that technique and why it isn't/shouldn't be used.

              • (Score: 0) by Anonymous Coward on Wednesday August 17 2016, @07:43AM

                by Anonymous Coward on Wednesday August 17 2016, @07:43AM (#389041)

                One thing I wish they had was that each file have both a filetype (like .png) for the human to see what it was, and a file structure header in the code to tell the computer what it was. If the two file descriptors did not match, it would throw an error. So, if it was an .MP4 file and you renamed it to "anything.mp4", it would still work, but if you renamed it to "anything.avi", it would no longer play, and throw an error saying the computer thinks it's an .avi, but it's labeled as a .mp4. Please rename it and resubmit.

                This should stop these sneaky programs telling the human it's one thing while telling the computer it's something else.

            • (Score: 4, Insightful) by sjames on Tuesday August 16 2016, @09:07PM

              by sjames (2882) on Tuesday August 16 2016, @09:07PM (#388834) Journal

              The real problem is that MS further dumbed the system by removing the distinction between run this and open this using an appropriate tool. Then they use the changeable extension to decide what to do, and just to complete the disaster, they hide that from the user by default so they have no clue which might happen when they double click. It's like they wanted their users to get infected.

              Of course this is the same bunch of clowns who made the email virus a real thing.

              • (Score: 4, Insightful) by Runaway1956 on Wednesday August 17 2016, @01:11AM

                by Runaway1956 (2926) Subscriber Badge on Wednesday August 17 2016, @01:11AM (#388932) Journal

                Blame? God, I have plenty of blame to pass around. Microsoft is so very obvious. The education system is to blame, for not teaching people. People are to blame for being lazy.

                Recently, the wife was having problems. I tried to help. She begins by explaining that "This is a VLC file" and I have to interrupt, "No, that's not a VLC file, it is a Matroska file, which you have told Windows to associate with VLC." She says, no, she's never told Windows to associate files with VLC, and I have to explain that she has, in fact, told, or at least permitted, Windows to associate Matroska files with VLC.

                In this case, I succeeded only in making her aware that there are many different kinds of media files, and that VLC may or may not be "the best" program to use with that file. But, her end goal, of burning the file to a DVD was further stymied by her choice of media burning software. It was necessary to find a program which would convert her Matroska file into an avi file, then burn the file to disk.

                File systems and operating systems that DO NOT hide extensions are ultimately "easier" to use, IMHO, because real education and understanding of what you are doing is eventually absorbed by the user.

                Fact is, I'm rather slow to learn new computer skills. But, if I were limited to dumbed down Windows systems that hid the file extensions from me, I would be much slower.

                And, that is where Average Joe is - he can't learn because he can't invest the time to learn, and Windows hides important information from him anyway.

              • (Score: 0) by Anonymous Coward on Wednesday August 17 2016, @01:35AM

                by Anonymous Coward on Wednesday August 17 2016, @01:35AM (#388942)

                At the other site a few years back, Hairyfeet explained this. [googleusercontent.com] (orig)[1] [slashdot.org]
                (It's so obvious when you think about it a moment.)

                The response by tepples there is similar to that of sjames here.
                (Unimpressed that MICROS~1 did it all wrong from the start.)

                [1] Hey, with Dice gone, I'm willing to link directly to the other site now.
                I also noticed that they are now HTTPS-only (2 years after S/N).

                -- OriginalOwner_ [soylentnews.org]

                • (Score: 2) by maxwell demon on Wednesday August 17 2016, @05:28AM

                  by maxwell demon (1608) on Wednesday August 17 2016, @05:28AM (#389008) Journal

                  Yeah, because the only way to prevent users from changing it is to not show it, right.

                  What about showing it, but omitting it in the rename file input box? Then everyone can see it, but only those who know to use the command line can change it.

                  --
                  The Tao of math: The numbers you can count are not the real numbers.
              • (Score: 2) by FatPhil on Wednesday August 17 2016, @09:09AM

                by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Wednesday August 17 2016, @09:09AM (#389053) Homepage
                > Of course this is the same bunch of clowns who made the email virus a real thing.

                The funniest thing about that is that the old virus hoax emails actually predicted what cc:mail etc. would eventually do. It's almost as if MS used "Good Times" as a design spec.
                --
                Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
                • (Score: 2) by sjames on Wednesday August 17 2016, @09:00PM

                  by sjames (2882) on Wednesday August 17 2016, @09:00PM (#389293) Journal

                  It really does seem that way. Then, not satisfied with the damage they'd done, they invented the Word document virus for good measure.

                  They claim they couldn't have known, but I remember well many openly asking them to reconsider when they announced the new 'features' as coming soon.

            • (Score: 2) by wonkey_monkey on Wednesday August 17 2016, @07:33AM

              by wonkey_monkey (279) on Wednesday August 17 2016, @07:33AM (#389039) Homepage

              You got a better idea?

              --
              systemd is Roko's Basilisk
          • (Score: 2) by FatPhil on Wednesday August 17 2016, @09:05AM

            by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Wednesday August 17 2016, @09:05AM (#389051) Homepage
            > They're extremely portable, too.

            Yes, that's why JPEG images always ended ".jpeg".
            --
            Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
          • (Score: 3, Informative) by gidds on Wednesday August 17 2016, @02:00PM

            by gidds (589) on Wednesday August 17 2016, @02:00PM (#389108)

            Extensions have one other advantage, and I'm surprised it's not been mentioned yet:

            You can have two files with the same base name but different extensions.  (You can't have two files with the same name but different type/creator codes.)

            Now, anyone who's compiled XXX.c (and maybe XXX.h) to XXX.o, XXX.a, XXX.dll, and/or XXX.exe should be able to see the advantage of that.

            That's one reason why I (a Mac user) found type/creator codes extremely annoying in Mac OS Classic.  The other was the way that the creator code always 'trumped' the type code.  I may have umpteen programs capable of reading text files, but I want them all to open in the same program by default, regardless of which one happened to write it last.  Creator codes prevented that.

            FWIW, there's at least one more solution to the problem of identifying file types.  EPOC (the OS used by Psion computers) tries to identify a file by looking at the first 24 bytes.  Files created by most of the built-in apps use these to store file type information, and many other common file types (JPEGs, ZIPs, &c) can be recognised in the same way.  (It falls back to the filename extension when that fails.)

            The advantages of this are that it doesn't need any support from the filesystem, and is preserved when the file is transferred; it's also preserved if the file is renamed, and if it's streamed or embedded &c.

            --
            [sig redacted]
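The header-versus-extension check proposed a few comments up, and the EPOC approach gidds describes (sniff the first 24 bytes, fall back to the extension), implemented as an added Python example that is not from the thread; it also flags the double-extension names (.jpg.bat, .gif.pif) mentioned earlier. The signature table, the extension map and the sample inputs are constructed for this example.

```python
from pathlib import Path

# Leading-byte signatures for a few common formats (real magic numbers; table constructed here).
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif", b"GIF89a": "gif",
    b"PK\x03\x04": "zip",        # also docx, jar, apk
    b"MZ": "pe",                 # exe, dll, scr
    b"\x1aE\xdf\xa3": "matroska",
}
# What each extension claims the content is.
EXT_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
            ".zip": "zip", ".docx": "zip", ".exe": "pe", ".dll": "pe",
            ".scr": "pe", ".mkv": "matroska"}
# Extensions Explorer runs rather than opens with a viewer.
EXECUTABLE = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}

def sniff(head: bytes):
    """EPOC-style: identify the type from the first 24 bytes, or None."""
    for magic, kind in MAGIC.items():
        if head[:24].startswith(magic):
            return kind
    return None

def classify(name: str, head: bytes) -> dict:
    """Compare what the filename claims with what the bytes say."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    real_ext = suffixes[-1] if suffixes else ""
    # What Explorer shows with "hide extensions for known file types" on.
    shown_as = name[:-len(real_ext)] if real_ext else name
    content, claimed = sniff(head), EXT_TYPE.get(real_ext)
    if real_ext in EXECUTABLE and len(suffixes) > 1:
        status = "double-extension"   # photo.jpg.bat, picture.gif.pif
    elif content and claimed and content != claimed:
        status = "mismatch"           # header and extension disagree
    elif content is None and claimed is None:
        status = "unknown"
    else:
        status = "ok"
    return {"name": name, "shown_as": shown_as, "content": content,
            "claimed": claimed, "status": status}

def scan(directory) -> list:
    """Classify every regular file in a directory by its first 24 bytes."""
    results = []
    for p in sorted(Path(directory).iterdir()):
        if p.is_file():
            with open(p, "rb") as fh:
                results.append(classify(p.name, fh.read(24)))
    return results

if __name__ == "__main__":
    # Constructed samples: an honest photo, a PE file renamed as a photo,
    # and the double-extension trick discussed in the thread.
    for name, head in [("holiday.jpg", b"\xff\xd8\xff\xe0"),
                       ("photo.jpg", b"MZ\x90\x00"),
                       ("photo.jpg.bat", b"@echo off\r\n")]:
        print(classify(name, head))
```

A "mismatch" or "double-extension" verdict is the signal the thread is asking for: the name shown to the user and the bytes handed to the program disagree.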
        • (Score: 0) by Anonymous Coward on Tuesday August 16 2016, @06:56PM

          by Anonymous Coward on Tuesday August 16 2016, @06:56PM (#388790)

          Not really that ironic. Given that sharing between computer types is much more common, the bar of users is lower, and most OSes don't use resource forks, I'm not surprised that file extensions are catching on. They are a cheap way to tell what kind of file you are opening and don't depend on the potentially dangerous act of parsing a file for magic numbers on every folder view.

          • (Score: 2) by DannyB on Tuesday August 16 2016, @08:45PM

            by DannyB (5839) Subscriber Badge on Tuesday August 16 2016, @08:45PM (#388823) Journal

            Resource Forks should be a separate topic from not having file extensions that signify a special meaning to the computer -- yet which users can easily change and be fooled by.

            --
            People today are educated enough to repeat what they are taught but not to question what they are taught.
        • (Score: 2, Interesting) by Anonymous Coward on Tuesday August 16 2016, @11:11PM

          by Anonymous Coward on Tuesday August 16 2016, @11:11PM (#388888)

          The mac file system had a resource fork to hold that goop. I personally thought it was a major pain in the ass.

          https://en.wikipedia.org/wiki/Resource_fork [wikipedia.org]

          I spent many months trying to get those files to work correctly with FAT32. Many times people would store crap in them and you had no idea. When moving files between different systems you had to be very careful to snag those. They were also a really nice spot to hide viri. Also many times it was a good place that many programs stashed their icons, strings, and whatever else (sometimes entire graphic stacks). The reality was you could pretty much put whatever you wanted in them.

          NTFS has an idea of something similar. They are called alternative data streams. There is little reason to use them. Windows mostly uses them to hide metadata of the file (location on the disk, permissions, filename, etc). The extra streams can have the full gauntlet of file permissions. So you could create a file you can access but you can not get at the stream file. Windows did not really use them much because the file system had the idea of 'hidden' where a normal user would not see them but could easily with a couple of switches. Whereas with a mac you usually need a special utility to pop them out, turn them into files, then transfer them and then glue them back together.

          I am honestly surprised more video game manufacturers did not use the NTFS version. It would have been a cute DRM by obfuscation that would trip up many people.

          > The best Microsoft could do is to hide the file extensions.
          Did you know a DLL is an EXE file in disguise (an MSDOS exe at that which is just a special COM program)? As is a docx file which is a zip file. In MSDOS only 3 or so file types were special. The rest were application specific (and oh boy did people take advantage of it). It is all very 'meta' (hehe). What is a file? How do you tell what should launch it? Do you tag extra stuff on to it like with the Mac? Or encode it somehow (like DOS with its file names) from an archaic system where 128k of memory was huge and every byte counted? On your computer it is easy to say 'this file should launch this way'. But when you start moving between systems you need a meta interdata changer. Things like that just do not exist because many time the fields either do not exist or mean something different. Take something easy like 'author'. In one system it may mean the user owner. On another it may mean the person who created the program. On a third it does not exist at all. To say it should be different ignores the entity of the history of where these computers came from and every byte counted. Many inventors of different files face these very issues. So many encode it right into the file itself. I can name a jpg a png and a png a jpg file in windows. Then set the paint program to open both extensions. However it will not crash out. It will open both as the paint program looks before it jumps in and starts decoding it.