Author Topic: Trojan horse: Your money or your files (Read 965 times)

Clive · « **on:** April 29, 2006, 18:26 »

Joris Evers, CNET News.com
Published on ZDNet News: April 28, 2006, 5:21 PM PT

In another example of "ransomware," a new Trojan horse threatens to delete files unless the victim pays up, security experts have warned.

When activated, the Trojan horse, dubbed Ransom-A by antivirus company Sophos, displays some explicit images. It then shows an expletive message that demands a $10.99 payment, or it will delete one file every 30 minutes, security experts at SophosLabs said in a statement published Friday.

"This Trojan horse is designed to take your data hostage and tries to scare users into paying up quickly by threatening to wipe files one-by-one," Graham Cluley, senior technology consultant at Sophos, said in the statement.

The Trojan asks for payment via the Western Union money transfer service and promises delivery of a special disarming code after the ransom is paid, Sophos said.

This is the second example of malicious software that seeks to extort money in as many months. In March, a Trojan horse that encrypts victims' files and demands a $300 payment to have them decrypted and unlocked made the rounds. A similar attack was spotted in May of last year.

"Our concern is that this may be the beginning of a growing trend of malware designed to extort money," Cluley said.

Sophos recommends that people make backups of their data and run updated security software for protection against pests such as these ransom-demanding Trojans. As a general rule, Internet users should be cautious when opening e-mail attachments and surfing untrusted Web sites.

http://news.zdnet.com/2100-1009_22-6066636.html

Simon · « **Reply #1 on:** April 29, 2006, 22:44 »

This is getting scary now! :ooo:

Reno · « **Reply #2 on:** April 30, 2006, 03:52 »

Quote

Forget about originality, there's a whole new trend out there among those who create malware, as security experts have discovered and warn about yet another "ransomware" Windows trojan out on the loose.

Security company Sophos has named the new trojan application Troj/Ransom-A which, when activated, displays images with pornographic content and then shows a message specifically demanding $10.99. Otherwise, it threatens to delete one file at a 30-minute interval.

"Listen up muthaf***a. is this computer valuable. it better not be. is this a business computer. it better not be. do you keep important company records or files on this computer. you'd better hope not. because there are files scattered all over it tucked away in invisible hidden folders undetectable by antivirus sofware the only way to remove them and this message is by a CIDN number."

Oh and it has quite an attitude, too. Should the user try to shut down the process by using the [Ctrl]+[Alt]+[Del] key combination, the trojan blocks it and displays a new message.

"Yeah, We don't die, We multiply! Ctrl+Alt+Del isn't quite working today, is it? I'm not the sharpest tool in the shed but Crtl+Alt+Del is everyone's S.O.S."

Just when you'd think that there's nothing more to it, well, we've got news for you. The trojan has one further claim: the payment must specifically be made via the money transfer service provided by Western Union.

The "author" gives an e-mail address where to he can be contacted and, in return for those who actually send the money, a special disarming code ? that CIDN number they mention - will be sent.

According to Sophos, the trojan seems to spread as a disguised file on peer-to-peer sharing networks, catching users by surprise.

Sophos recommends computer users to download the latest anti-virus security upgrades, make backups of their important data, stop surfing on untrusted web sites and be careful about the attachments they receive in e-mails and the files they open.

http://www.playfuls.com/news_02254_New_Ransomware_Windows_Trojan_Demands_1099.html

This is actually quite bold, although im sure whatever email he's using will be easy as hell to trace. This fellows going to be in court in no time.

Sandra · « **Reply #3 on:** April 30, 2006, 04:04 »

In a way I can understand people making money out of something like that more than the people who just send out spam and viruses.

They get nothing out of the trouble they cause, well I suppose spammers must get something but I dont really know how :?

Mac · « **Reply #4 on:** April 30, 2006, 08:31 »

These Trojans and virii certainly do seem to be going forth and multiplying.