Hello, welcome to the Friday, January 26, 2018 edition of the Sands and its Storm Centers.

Stormcast, my name is Johannes Ulrich.

I'm recording from Jacksonville, Florida.

Xavier today came across an interesting site that offers ransomware as a service.

All you have to do is provide a Bitcoin address to which the ransom will be paid,

how much ranch them you're asking for, and then it will create the binary for you. Now, the particular

site that Xavier found here didn't seem to be quite operational. For example, the support address

is just example at example.com.

Now, the guys that run the website will keep 10% of the ransom for themselves, so for that

you probably should expect better support.

But Xavier then turned around and looked at if he could find some samples on via Google.

And sure enough, he got across a couple of examples

that did match this particular pattern,

and well, sure enough, it was your standard ransomware.

Interesting sort of that this particular ransomware is compiled for 64-bit versions of Windows.

Microsoft's anti-Malver, which Xavier left enabled on his test system, did not actually detect

this particular malware. If you ever scripted an HTTP request, chances are you used lip curl or variation or wrapper

around it.

Well, a lip curl apparently had an interesting security flaw ever since it was first released

in 1999.

The problem here is what happens when lip curling counters redirect. What lip curl does if it's

configured to follow redirects is it sends the same request to this new URL, including all

...