GitHub and SourceForge being used to serve up ransomware
Say what you want about all those creeps out there that try to con you into downloading and installing malware but there is no denying that they can get pretty darn creative in their methods. This newest attempt tries to get you interested by spamming you with emails promising primo links of "celebrity nude pics" and videos.
GFI Labs is reporting that there is an on-going massive and "determined" spam campaign happening that is trying to entice people into clicking on links that will take them to pages of fake nude pictures and videos of famous people like actresses, singers, US news reporters, and wrestlers.
The problem is that they aren't only getting fake images, but they are also having ransomware installed on their computers in the background.
For those not familiar with the term ransomware, it is a type of malware that can do anything from encrypting documents and images to totally blocking access to the infected machine. The only thing the user will see when logging on to their machine or trying to access documents is a prompt demanding that they pay a certain amount of money to unblock the files, or machine.
What is different about this campaign is where these ransomware installs and where they are being hosted and deployed from. As GFI Labs has found out, both GitHub and SourceForge are being used as the hosts for these ransomware packages. What makes this so bad is that both of these sites are well respected and very popular. These sites are file repositories for open source software projects, and by using these sites there is a certain air of respectability associated with any links to those sites.
This is an example of search results for fake nude pics on the GitHub site:
The amount of money being demanded by these scam artists varies but as you can see from the image below, the amount can get as high as $300. Often times, the ransom money is accompanied with text that accuses them of downloading pornography and that they had better pay up or else.
Of course the last thing you should do is pay this 'ransom'. Instead, find a friend or a professional that can clean out your computer for you if you don’t know how to do it yourself.
via The Next Web