Posted on 03/15/2006 11:34:19 PM PST by martin_fierro
New virus seeks 'ransom' for computer files
Wed Mar 15, 12:56 PM ET
WASHINGTON (AFP) - In the equivalent of a holdup in cyberspace, a new computer bug locks up a user's file with encryption and demands a 300-dollar "ransom," security experts say.
The so-called "ransomware" Trojan was discovered Saturday by the security firm LURHQ, which said it was based on a similar scheme perpetrated 15 years ago.
Users whose computers are infected receive an e-mail stating that their files have been encrypted and will not be unlocked unless they transfer 300 dollars to a special account.
In poorly written English, the message said, "Do not try to search for a program what encrypted your information -- it simply do not exists in your hard disk anymore. If you really care about documents and information in encrypted files, you can pay using electronic currency 300 dollars. Reporting to police about a case will not help you."
LURHQ said it was not clear how the Trojan was spread, but experts said it could be through infected e-mails or from visiting certain websites.
"Infection reports are not widespread, so it is not believed this is a mass threat by any means," LURHQ said.
"Malware of this nature is actually more successful when it is delivered in low volumes, as it is less likely that anti-virus vendors will have detection for it, and more attention means the likely closing of the accounts used for the anonymous money transfer."
The Trojan "is bold as brass, scooping up your valuable data and locking it away until you agree to pay the ransom to the criminals who have 'kidnapped' your files," said Graham Cluley, senior technology consultant for the security firm Sophos.
"Companies who have made regular backups may be able to recover easily, but less diligent businesses may be in a quandary about whether to cough up the cash."
However Sophos and LURHQ discovered the password -- C:/Program Files/Microsoft Visual Studio/VC98 -- a code disguised as a file.
"So there should be no need for anyone unfortunate enough to have suffered from this ransomware attack to have to pay the reward to the criminals behind it," Cluley said.
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")
Damn, I didn't know the Nigerians were branching out into virus writing.
Go here for our Nigerian friends in action lol
That would be my guess. Still, this would take quite some time to work if it was REALLY encrypting all the material on your hard drive. I've never heard of this, and I suspect it's an urban legend.
I have a quick question: If I were to get infected and it wipes out everything, would installing a new hard drive fix it?
Of course. But examine the story carefully:
Users whose computers are infected receive an e-mail stating that their files have been encrypted and will not be unlocked unless they transfer 300 dollars to a special account.
1. It obviously doesn't impede the operation of the computer. You can get email, and get on the internet.
2. They communicate with you directly, meaning they have to get your email account from somewhere. One to one communication, via the internet, with a person you're trying to scam with a destination? Complete with a traceable destination for the money? Unlikely with a virus you are attempting to disseminate widely, while not ending up in jail. You would need hundreds of employees to make this work.
This is probably another e-mail scam. "We can damage your precious, precious data. Send us some money, so we can laugh at you for believing us." That, or it's a scam targeted on a very small number of users. Odds are it won't be you. :)
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")
"You have just received the Amish virus.
Since we have no electricity or computers, you are on the honor system.
Please delete all of your files on your hard drive. Then forward this message to everyone in your address book.
We thank thee."
No joke.
The password is:
C:\Program Files\Microsoft Visual Studio\VC98
For heaven's sake, people, if you know anyone with this virus, have them try this string as password. It was selected because it appears in plain text in many many Windows files and the virus writer thought it would be overlooked. Or so I've been told.
Petronski: proudly posting WITHOUT reading the article since 1998.
(ugh)
If someone sends money, they will certainly nail the perp/s!
ping
"All your files are belong to us"
Well, in fairness, I have seen some appallingly bad English here on FR.
There was a virus like this a couple of years or more ago. The earth is still spinning and we have not been hurled into space. The old saying "never mix business and pleasure" holds true in computing.
No, I'm afraid not. In fact, just replacing the computer won't be enough either. You'll need to first burn down your house, then buy a new house in another state. It's assumed that the next major release of this trojan will require a fresh install on a new computer in a different country. We'll be in trouble when the following rev requires that we leave planet earth in order to get rid of this trojan!
Sorry, I couldn't resist... A new hard drive will be fine. Of course, you don't really need a new hard drive either. Just get a free "killdisk" utility, and make sure that you've wiped the disk before a fresh install. However, in most cases, this is complete overkill. Usually, an infection can be completely removed by someone who knows what they're doing. However, it may or may not be worth it, cost wise.
Mark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.