Sep 1, 2003

PC file kidnappers demand ransom

A new trojan that holds computer files "hostage" and then demands a $US300 ($410) ransom for their safe return has been identified by a virus tracking company.

The trojan has been labelled "ransomware" because it uses malicious code to hijack user files and to encrypt them so they cannot be accessed. It then asks for payment in return for the decryption key.

It was discovered by security company LURHQ, which has identified the threat as Cryzip. It is the first ransomware to be identified since May last year when Websense Security Labs found a similar trojan.

LURHQ said that Cryzip encryption was based on a more robust commercial zip library than its predecessor, which applied a custom encryption scheme to files.

The trojan leaves a text message for victims, which tells them they picked it up from an online porn site and warns them not to search for their files or to contact police.

"Do not try to search for a program what encrypted your information - it is simply do not exists in your hard disk anymore. If you really care about documents and information in encrypted files you can pay using electonic currency $300," the text message says.

Denial of service attacks are currently the most popular method of extorting money online, and internet companies, such as online casinos, are often targeted. The attacks are launched by overwhelming the target's network using bot-infected computers, and money is then demanded to stop them.

The Cryzip trojan seeks to extort money on a much smaller scale and is not believed to be very widespread, said LURHQ.

"As such, most users will probably not have to worry about this threat ... keep in mind, however, that the two incidents in the last 10 months indicate the possible start of a trend of this type of malware, and future incidents may affect a wider swath of users," the company said.

Chris Horsley, security analyst at computer emergency response team Auscert, said no reports of the trojan had yet been received in Australia.

"I suppose this type of attack does have a particular threat to it. To receive an email like this is a very scary proposition, but there are other areas where money can be made more effectively by criminals, namely through keylogging and phishing," he said.

He added that the Cryzip trojan lacked the stealth of other attacks, because the extortionist is required to make contact with the victim to receive payment.

In a recent security report, Symantec said an increasing trend in computer attacks was the silent theft of data for profit without doing noticeable damage that would alert a user to its presence.
