Personal Tech Pipeline | New Trojan 'Kidnaps' Files, Demands $300 Ransom


March 16, 2006

New Trojan 'Kidnaps' Files, Demands $300 Ransom



Courtesy of TechWeb News

A Trojan is loose that locks up files and then demands a $300 ransom to return access, several security firms said Thursday, but at least two have discovered the password needed to free the files.

Dubbed "Cryzip" by some anti-virus vendors and "Zippo.a" by others, the Trojan archives 44 file types -- including .doc (Microsoft Word), .pdf (Adobe Acrobat), and .jpg (images) -- with a ZIP library, then password-protects the files and deletes the originals.

A "ransom note" is left on the machine, and reads in part: "Do not try to search for a program what encrypted your information - it is simply do not exists in your hard disk anymore. If you really care about documents and information in encrypted files you can pay using electonic [sic] currency $300.

"Reporting to police about a case will not help you, they do not know password."

At least two security firms, however, have dug up the password, which was left in plain view within one of the DLL files dropped by the Trojan. According to both Sophos and LURHQ, the password is:

C:\Program Files\Microsoft Visual Studio\VC98

"Because this string often appears inside projects compiled with Visual C++ 6, the author likely figured anyone who found the infecting DLL and examined its strings looking for the password would simply overlook it," LURHQ wrote in its Cryzip advisory.

"There should be no need for anyone to pay the reward," said Graham Cluley, a senior technology consultant with Sophos, in a separate statement. "It looks like this password was deliberately chosen by the author in an attempt to fool analysts into thinking it was a directory path instead."

Victims can use any ZIP utility to unlock the files with the password.
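The hiding trick described above only works if an analyst filters out path-like strings, so the following added example (not code from Sophos, LURHQ or the article) keeps every string extracted from a binary whole and tests each one against a locked archive. The byte blob is constructed, with only the VC98 path taken from the article; the function names are hypothetical, and the archive is assumed to use traditional ZIP password encryption, the only kind Python's `zipfile` can read.

```python
import re
import zipfile
import zlib

# Constructed sample standing in for the data section of a dropped DLL.
# Only the VC98 path is taken from the article; the rest is filler.
SAMPLE_BLOB = (
    b"\x00\x01MZ\x90\x00" b"kernel32.dll\x00" b"GetProcAddress\x00" b"\xff\xfe"
    b"C:\\Program Files\\Microsoft Visual Studio\\VC98\x00"
    b"\x13\x01" b"runtime error \x00" b"abc\x00"
)

def extract_strings(blob, min_len=6):
    """Return every run of printable ASCII (spaces included) of min_len+ bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def looks_like_build_path(s):
    """The kind of string an analyst tends to skip: a drive-letter path."""
    return re.match(r"[A-Za-z]:\\", s) is not None

def password_candidates(blob):
    """Keep every string whole; path-like ones are tried first, never dropped."""
    unique = dict.fromkeys(extract_strings(blob))  # de-duplicate, keep order
    return sorted(unique, key=lambda s: not looks_like_build_path(s))

def find_zip_password(zip_path, candidates):
    """Return the first candidate that decrypts an entry, or None."""
    with zipfile.ZipFile(zip_path) as zf:
        # Bit 0 of the general-purpose flags marks an encrypted entry.
        encrypted = [i for i in zf.infolist() if i.flag_bits & 0x1]
        if not encrypted:
            return None
        probe = min(encrypted, key=lambda i: i.file_size)  # cheapest to test
        for cand in candidates:
            try:
                # A full read also verifies the CRC, which rules out the
                # 1-in-256 false match of the one-byte password check.
                zf.read(probe, pwd=cand.encode("ascii"))
                return cand
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                continue
    return None

if __name__ == "__main__":
    for s in password_candidates(SAMPLE_BLOB):
        print(repr(s))
```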

Ransom-like attacks, labeled "ransomware," are rare. The last full-fledged attack was in May 2005 when another security company, California-based Websense, spotted a Trojan that demanded $200 for a decryption key.

Other, and more common, forms of ransomware-style attacks are used by bogus spyware vendors, who claim that users' PCs harbor massive amounts of adware and spyware, and try to sell their phony products to spooked consumers.
