CIS + CID can't block this nonsense?

What’s the whole point of CIS + CID if the attached file can’t be blocked?

:-TD

I removed the rar archive which by the way was empty.

Please don’t post links to live malware in the public part of the board.

Just imagine how diabolical the situation might have been without. :wink:

Partially related to this:

Dunno why it was empty; it is a 559 KB password-protected web-complete archive.

I just tried it again, and you’re right, the file size = 0.

Is it because I’m in the sandbox that it won’t upload?

EDIT: yep, that’s why. I copied the RAR to the real documents folder and the upload went.

Totally evil looking official you’re-in-big-trouble web-page from the FBI. Got the whole thing locked out; can’t do nothing. The clock ticks down with the warning: unless the injunction fee levied against my system is paid by the time the clock ticks to 0, FBI agents will darken my doorway to haul me and the PC away for being bad.

[attachment deleted by admin]

Thank you for the password by pm.

Does it lock down your computer or is it just a scare?

That’s why I took all the thumbs away in the OP.

Pretty much locks the browser up. Thing is, in IE you can kill tab processes w/ out terminating the whole session. In CID that’s not possible; it’s all or nuttin’. That notwithstanding, CID runs in the sandbox, so not all that concerned. In any case, the dialogue to ‘leave or remain’ answered ‘stay’ will allow access to stuff; that’s how I managed to save the web-page. Turns out that CID ab-end restart is pretty cool. ;D

I got rid of all the other tabs, and relaunched the FBI-ware out of History and got a handle on the IP address that was serving this ■■■■ up (it remained consistent). It took awhile to finger out how to get that tab isolated so I could get a handle on the IP addys. :-[

The previous one, i.e., nbcpolice.net, returned a domain name owner. But the specific IP address DNS lookup returned “”. For the web-site contained in the RAR, the domain name would not resolve with DNS. DNS lookup returned a null-record for the IP address.

I then utilized the Web Forgery feature in CID. I put the domain names into the IE restricted zone. I created block rule IP any for IP addresses, and added the domain names to the ransomware category in Web Filtering.

Then I took a look at the code; this is a JavaScript exploit. That can’t be disabled in CID.

http://www.pcrisk.com/computer-technician-blog/viruses/7271-how-to-remove-your-browser-has-been-locked-virus

Update 2013.12.31 - Cyber criminals responsible for creating this scam started using [i][b]CloudFlare[/b][/i] services and are masking the real source of their ransomware with these URLs:
hxxp://alert.police-agent-secure.com
hxxp://Block.highqualitypolice.net
hxxp://Block.policeprotector.biz
hxxp://Cops-help.com
hxxp://Police-help.com
hxxp://Error.servepolice.biz
hxxp://Error.safestep-police.net
hxxp://Alert.policeprotector.biz
hxxp://Police-service.net
hxxp://Error.expresspolicelocation.com
hxxp://AlmostPolice.co
hxxp://FormalPolice.org
hxxp://Nominalpolice.com
hxxp://PoliceGuardState.org
hxxp://Police-save.second-shine.com
hxxp://Police-save.empirehydrogen.org
hxxp://TrustPolice.biz

:smiley: :P0l

Does restarting the browser and cleaning cache fix the problem?