Intel Security scares ransomware script kiddie out of business

Tim Greene | June 5, 2015
Part criminal entrepreneur, part naïve coding enthusiast, maker of Tox ransomware kit calls it quits.

Tox downloads cURL, a tool that sends and retrieves files using URL syntax, as well as the Tor client.

The creator of Tox blames Walter's blog for forcing him/her out of business.

"Even before the website was ready to host users," Tox writes, "the McAfee blog was featuring the article about this platform. Then the number of the users started growing. From 20 to 50, from 50 to 100, it was doubling every day. Infections, with a little delay, started growing too. In just one week, the platform counted over one thousand users and over one thousand infections, with an average of more than two hundreds of polling viruses per half-hour."

Tox doesn't show any remorse in the posting that announces his plans to shut down. In fact, Tox boasts about the ingenuity it took to create the kit, and admires the selflessness of other hackers he met in chatrooms who helped him test his malware.

"In these days, in the chat," Tox writes, "people helped me testing and debugging the virus, but the most interesting part is that they suggested [to] me how to improve it. I don't think that such a great brainstorming has ever happened in the process of designing a virus. Users were spurred to help me improving the platform, for their own good."

"Some have said I think out of the box, others said I'm a kid who just developed the worst ransomware ever. I think that both opinions may be true, but one thing is objectively true: with Tox, I opened a door for a whole new way of thinking. I'm sure that others will try to replicate what I did. Not just for bad reasons, maybe somebody (maybe myself?) will find out how to do something good based on all this."

Despite the braggadocio, Intel's Walter rates the skill level required to produce Tox at a three or four out of 10, but it is a notable step in the evolution of ransomware. "Tox is lowering the skills barrier and making these ransomware capabilities available to a broader community of prospective ransomware cybercriminals," he says in an email.

Tox's take: "[I]f I really was a team of hard core hackers, with time and resources, this would have become one the greatest viruses ever."

This may be the first franchise model for ransomware, and it likely will inspire copycats, Walter writes. "We don't expect Tox to be the last malware to embrace this model," he says. "We also anticipate more skilled development and variations in encryption and evasion techniques."

