Computer Secure
Online Security
A N T I - S P Y W A R E
A N T I - V I R U S
S A F E B R O W S I N G
- FREE VIRUS HELP
- Free online scans, worm removal etc.
- Security News
- Latest Virus News
- Computer Security News
- Useful Information
- About Passwords...
- More About Adware
- More About Spyware
- More About Viruses, Worms & Trojans
- Other Tools.
- Registry Repair
- Other Articles/News.
- Computer SecurityBroadband Internet
- Networks
- Data Recovery
- Software
- And more:
- Articles Index
- Blog
- (with more security news.)
- And you can use our
- Amazon Store
- to see reviews of security software.
Norman.com
Visit Norman.com for quality security software:
antivirus, anti-spyware and internet security.
Norman's security specialists also provide useful articles and security news.
Norman.com
"Ransomware"
I see in the news that some 'ransomware' has (re)surfaced in August 2007. The article below talks about ransomware. It refers to Trojan.Pgpcoder in particular – which is an older vintage, but the principle is the same.
"Ransom Trojan" Uses Cryptography for Malicious Purpose
Every day millions of people go online to find information, to do business, to have a good time. Alas, some people go there to commit crimes. Though crimes have been committed via the Internet almost from its very launch, now cybercriminals become dangerous as never before.
We've been warned lots of times about stealing data -- identity theft, phishing scams and pharming; we have at least heard of denial-of-service attacks and "zombie" computers, and now one more type of online attack has emerged: holding data for ransom. Extortionists remotely encrypt user files and then demand money for the key to decode the information.
Experts say it is not yet a tendency; websites that used to infect users with the Trojan, have been put down. Besides, this program, Trojan.Pgpcoder, exploits a vulnerability in Microsoft Internet Explorer, which users should have patched as long ago as last July.
(see www.microsoft.com/technet/security/Bulletin/MS04-023.mspx). However, there is no guarantee that such attacks won't appear in future, and all PCs will be patched at that time.
Websense, the San Diego-based Web security company, was the first to report such a case two weeks ago, when its customer fell victim to the attack.
Researchers at Symantec also have seen the malicious program used in the ransom attack. Oliver Friedrichs, a senior manager at Symantec Security Response said that attackers could use a website, email, or other means to distribute the Trojan.Pgpcoder and launch a widespread extortion campaign.
When the user visits a malicious website, his unpatched PC gets infected with a Trojan Horse (downloader-aag). This Trojan Horse downloader connects to another website, downloads the encoding application, and runs it.
The malicious encoding program searches for 15 common file types, including images and Microsoft Office files on the computer and encrypts them, and deletes the original files.
Then it creates a file with a ransom note called “Attention!!!”, where demands $200 for a tool needed to decrypt the files.
There is a weak spot in the attackers' scheme. It is possible to trace the money and to catch the extortionists when they try to collect the ransom. Maybe, it will prevent this kind of cybercrime from spreading.
Time will show whether we see this Trojan attack again or something similar appears and there will be a real need for a name for such type of Trojans -- how do you like "ransomware"? I have already seen this word used, but let's hope for the best.
Anyway, it is wise of users to keep anti-virus and security software up-to-date and back up data. Just to be on the safe side.
Alexandra Gamanenko
We've been warned lots of times about stealing data -- identity theft, phishing scams and pharming; we have at least heard of denial-of-service attacks and "zombie" computers, and now one more type of online attack has emerged: holding data for ransom. Extortionists remotely encrypt user files and then demand money for the key to decode the information.
Experts say it is not yet a tendency; websites that used to infect users with the Trojan, have been put down. Besides, this program, Trojan.Pgpcoder, exploits a vulnerability in Microsoft Internet Explorer, which users should have patched as long ago as last July.
(see www.microsoft.com/technet/security/Bulletin/MS04-023.mspx). However, there is no guarantee that such attacks won't appear in future, and all PCs will be patched at that time.
Websense, the San Diego-based Web security company, was the first to report such a case two weeks ago, when its customer fell victim to the attack.
Researchers at Symantec also have seen the malicious program used in the ransom attack. Oliver Friedrichs, a senior manager at Symantec Security Response said that attackers could use a website, email, or other means to distribute the Trojan.Pgpcoder and launch a widespread extortion campaign.
When the user visits a malicious website, his unpatched PC gets infected with a Trojan Horse (downloader-aag). This Trojan Horse downloader connects to another website, downloads the encoding application, and runs it.
The malicious encoding program searches for 15 common file types, including images and Microsoft Office files on the computer and encrypts them, and deletes the original files.
Then it creates a file with a ransom note called “Attention!!!”, where demands $200 for a tool needed to decrypt the files.
There is a weak spot in the attackers' scheme. It is possible to trace the money and to catch the extortionists when they try to collect the ransom. Maybe, it will prevent this kind of cybercrime from spreading.
Time will show whether we see this Trojan attack again or something similar appears and there will be a real need for a name for such type of Trojans -- how do you like "ransomware"? I have already seen this word used, but let's hope for the best.
Anyway, it is wise of users to keep anti-virus and security software up-to-date and back up data. Just to be on the safe side.
Alexandra Gamanenko
Author Details:
Linguist by profession, Alexandra Gamanenko currently takes part in a design studio project. This design studio offers localization and translation of websites into Russian and Ukrainian, as well as lots of other useful services.
Learn more -- visit the website http://www.clever-crayon.com
Alexandra Gamanenko may be contacted at http://www.anti-keyloggers.com or gamanenko@anti-keyloggers.com
Linguist by profession, Alexandra Gamanenko currently takes part in a design studio project. This design studio offers localization and translation of websites into Russian and Ukrainian, as well as lots of other useful services.
Learn more -- visit the website http://www.clever-crayon.com
Alexandra Gamanenko may be contacted at http://www.anti-keyloggers.com or gamanenko@anti-keyloggers.com
See also:
Our page about Antivirus tools.
The most widely used and well known brands are not always the best, they just have better marketing.
We discuss virus, worm and trojan horse protection – and which companies are the real anti-virus specialists you can rely on.
Menu
Norman.com
Visit Norman.com for quality security software:
antivirus, anti-spyware and internet security.
Norman's security specialists also provide lots of useful articles and security news.
Norman.com
© Copyright computersecure.net 2007 All rights reserved.