Posted: Thu Mar 16, 2006 5:44 pm
Post subject: New virus demands ransom
IN THE equivalent of a hold-up in cyberspace, a new computer virus locks up a user's file with encryption and demands a $US300 ($405) "ransom," security experts say.
The so-called "ransomware" Trojan was discovered Saturday by the security firm LURHQ, which said it was based on a similar scheme perpetrated 15 years ago.
Users whose computers are infected receive an email stating that their files have been encrypted and would not be unlocked unless they transferred $US300 to a special account.
In poorly written English, the message said: "Do not try to search for a program what encrypted your information - it simply do not exists in your hard disk anymore. If you really care about documents and information in encrypted files, you can pay using electronic currency 300 dollars. Reporting to police about a case will not help you."
LURHQ said it was not clear how the Trojan, known as "Zippo," was spread, but experts said it could be through infected email or from visiting certain websites.
"Infection reports are not widespread, so it is not believed this is a mass threat by any means," LURHQ said.
"Malware of this nature is actually more successful when it is delivered in low volumes, as it is less likely that anti-virus vendors will have detection for it, and more attention means the likely closing of the accounts used for the anonymous money transfer."
The Trojan "is bold as brass, scooping up your valuable data and locking it away until you agree to pay the ransom to the criminals who have 'kidnapped' your files," said Graham Cluley, senior technology consultant for the security firm Sophos.
"Companies who have made regular backups may be able to recover easily, but less diligent businesses may be in a quandary about whether to cough up the cash."
However, Sophos and LURHQ discovered the password - C:/Program Files/Microsoft Visual Studio/VC98 - a code disguised as a file.
"So there should be no need for anyone unfortunate enough to have suffered from this ransomware attack to have to pay the reward to the criminals behind it," Mr Cluley said.