Obvious Scam but..

Outcast · 18 Mar 2016 at 15:13

How did they get all my details perfectly correct ?

(Name, Address, & Phone Number)

*** link to malware removed ***

So I googled ruebsamen and it appears to be some kind of computer fan site.

=================================================

Ok so I downloaded the Zip file and pulled it into Virtualbox and ran it..

Ta Daaaaar.....

RansomWare

Question remains though .... How'd they get my exact details ?

Outcast · 18 Mar 2016 at 15:17

Jono said:
Is that information on a public facebook profile or something?

Nope !

Outcast · 18 Mar 2016 at 15:34

Halfmad said:
Seen a few ransomware attacks in the past year, it's all too common in large companies sadly especially those with access to personal e-mail at work.

OP chances are they got your details from a hacked site you had shared them with, 707 million accounts were compromised in 2015 alone according to recorded/reported breaches. It's also now more common for your basic information to be shared between companies under data sharing agreements without consent, with implied consent, or with consent but lots of small print.

Thanks for that heads up as The Wife and I were a tad concerned about the correct details !

Outcast · 18 Mar 2016 at 15:40

I just sent an email to the CEO and it's just been returned failed.

I have just received an email supposedly from your company.

Your request has been satisfied.

You can read contract here: URL removed

Original will be sent to the next adress:

With my CORRECT home address including postcode AND phone Number. I don't believe I have ever ordered anything from your site and so I'm a bit mystified !

I had strong suspicions about this email and so used private browsing to go to the link and downloaded the Zip (Ok..So at this point I knew it would be a scam)

Feeling confident as I run linux I opened the zip up in a Virtual session of Windows and low and behold.. It's RansomWare !

I realise this is obviously not from yourselves but thought it might be in your interests to know your company name has been attached !

Regards

Paul !

Ps.. This link below is a screengrab I took and uploaded to imgur

Outcast · 18 Mar 2016 at 15:53

I have no idea.

There was bugger all on the VB image which is why I test ran it !

Outcast · 19 Mar 2016 at 15:46

FishFluff said:
I can't quite make out what's going on in that tiny screenshot

Well I'm running a 4k monitor so if you download the pic I'm confident it'll retain enough pic info if you double the resolution !

Outcast · 19 Mar 2016 at 15:52

Mynight said:
It's probably not advisable to open in VMs anymore there's been a couple that "break out" normally via the network as the host is connected. Can't imagine ransomware is too far away from utilising such a feature to slow down AV vendors testing it.

Thanks for that Heads Up.

I actually made the mistake of not cloning the Win7 image before I tested out that scr. I realised my Boo boo when I deleted the image afterwards so ultimately I've still got to "Clean Install" Win 7 back into VB

And update..

And Reboot

And Update...

And Reboot.......

Doh !

Outcast · 19 Mar 2016 at 17:16

Well that's good news but it changes focus to....

Who got all my details !!