<http://news.bbc.co.uk/2/low/technology/4580389.stm>
The BBC
| Entertainment | Have Your Say | Week at a Glance
Wednesday, 25 May, 2005, 17:13 GMT 18:13 UK
Trojan holds PC files for ransom
A unique new kind of malicious threat which locks up files on a PC then
demands money in return for unlocking them has been identified.
The program, Trojan.Pgpcoder, installs itself on a vulnerable computer
after users visit certain websites.
It exploits a known vulnerability in Microsoft's Internet Explorer (IE).
Net security firm Symantec said the program had not spread quickly, but was
another example of rising criminal extortion activity on the net.
The malware - harmful software - was first identified by US net security
firm Websense.
Ransom note
The program, once it installs itself unbeknown to a user, triggers the
download of an encoder application which searches for common types of files
on a computer and networked drives to encrypt.
The threats on the net
When a file is encrypted, usually for security and privacy purposes, it
can only be decrypted with specific instructions.
The trojan replaces a user's original files with locked up ones, so that
they are inaccessible. It then leaves a "ransom note" in a text file.
Instructions to release the files are only handed over when a ransom fee is
paid, according to Websense.
The electronic note left on the computer gives details of how to meet the
demands via an online account.
TROJAN.PGPCODER
* Malicious website drops and runs a Trojan (downloader-aag)
* Encoding program adds items to the Windows start-up registry
* Creates a status file called "autosav.ini" with information on
the files that have been encoded
* Creates a file called tmp.bat in the directory where it was run
to delete itself upon completion
* Creates a file called "Attention!!!" with instructions on how to
get your files decoded
* Sends an HTTP status request to the server it was downloaded
from
"This attack is yet another indicator of the growing trend of criminals
using technology for financial gain," said Kevin Hogan, senior manager at
web security firm Symantec.
"This Trojan horse is certainly an example of using cryptography for
malicious purposes.
"It is the equivalent of someone coming into your home, locking your
valuables in a safe and refusing to give you the combination."
But because it is classed as a trojan, it does not send itself out to
contacts that a user might have stored on a computer, like viruses. This
limits its ability spread around to high levels, "in the wild", said
Symantec.
Computer users are urged to ensure their anti-virus and security software
is up-to-date.
--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
