
New encryption Trojan roving for victims

Ransom malware hits UK.

A new Trojan that encrypts data files before demanding a ransom has been discovered, after a woman in the UK was locked out of files on her Windows PC.

Arhiveus-A (also known as MayAlert) demands that victims make purchases from one of three online drug stores in return for the password to unlock files.

Anyone attempting to load one of a number of types of data files discovers that they have been zipped into an archive that throws up a ransom message:

“Your computer caught our software while browsing illegal porn pages, all your documents, text files, databases in the folder My Documents was archived with long password.”

“Do not try to search for a program that encrypted your information - it simply does not exist in your hard disk anymore,” the Trojan announces, having deleted itself in order to make its identity harder to detect.

Contrary to some reports, the technique is not new. In March an almost identical Trojan, dubbed Cryzip, struck one UK resident who contacted Techworld after being asked to pay $300 to an e-gold account.

The encryption Trojan first reared its head in Spring 2005, when a piece of malware of Russian origin was discovered to be using the technique.

The new Trojan differs from these examples only in its demands and its passphrase. Cryzip used a directory path while, according to security company Sophos, Arhiveus-A can be unlocked after applying the randomly-generated string “mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw”.

“Internet hackers are getting bolder in their attempts to steal money from innocent web users. Once your valuable data is locked away you may be tempted to pay up to rescue your files, but this will only encourage more blackmail attempts in the future,” said Graham Cluley of Sophos.

A distinctive element of the encryption Trojan phenomenon is its small scale: it deliberately sets out to hit only a relatively small handful of victims. This helps it avoid publicity and therefore early detection. Cryzip and Arhiveus-A are very likely only the early stages of a new malware epidemic of small-time crookery.





