According to reports, a trojan that seizes control of PC files and demands ransom money from users has been doing the rounds for almost a month. The phenomenon is termed "Ransomware", while the trojan is dubbed "Archiveus". The newly discovered trojan does not allow victims to access their hard drive unless the ransom money is paid. "Archiveus" copies all files from the 'My Documents' folder to a new folder, encrypts these files with a complex 30-digit password, and deletes the original documents. The trojan leaves a note on the desktop, advising the user not to tell the police and asking him/her to pay the ransom.

In some of the reported cases, victims were asked to buy drugs from an online chemist to get the password for accessing the PC; in other cases, they were asked to transfer the ransom money to an overseas bank account. In the former case, the trojan attempted to force victims to buy pharmaceuticals from a Russian Web site for $75 or more, depending on the drug.

However, the good news is that anti-virus companies have found the password that unlocks the data inside the encrypted file the hijackers were using to make money. Interestingly, this password was found within the code of the trojan itself. It is also reported that "Archiveus" uses some parts of another ransoming virus called Cryzip, which was circulating in March 2006.

The scam is believed to have started in the US last year, and has now shown up in Britain. The first victim claimed by the scam, Helen Barrow, a 40-year-old nurse, was instructed to buy drugs from an online pharmacy. Her PC got infected when she opened an email attachment that claimed to be an anti-virus program. The earlier versions of this trojan were mainly spyware, identity-theft and adware programs, some of which instructed victims to pay the ransom money through Web sites including eGold, Webmoney, etc.
Trojan Hits again
Tuesday, June 06, 2006 at 10:49 AM Posted by PA Jones