Saturday, 3 March 2007

Worth reading for the good of your egold account

This article is yet another reason to really get serious about
security. I just downloaded a free program from McAfee called Site
Advisor. It's basically a database advisor system of good and
suspicious sites. It will let you know if you are likely at a site on
which there may be some type of malware which someone is attempting to
load onto your computer.

"Virus Encrypts Data, Demands Ransom
Trojan horse asks you to pay $300 to regain access to your documents.
Jeremy Kirk, IDG News Service
Thursday, March 16, 2006 06:00 AM PST

A virus that encrypts documents and demands a ransom to get them back
is circulating on the Internet, but at least one security company has
released the password needed to recover the files.

The Trojan horse virus encrypts the contents of a user's Word
documents, databases, or spreadsheets, and then leaves a file
demanding $300 in exchange for the password to access the information,
said Graham Cluley, senior technology consultant with security company
Sophos. A text file directs victims to transfer money to one of 99 RUN
BY E-GOLD, a company that runs a money transfer site.

Similar "ransomware" schemes have been traced back to Russia, and
occurrences of this type of attack appear to be growing, Cluley said.
This latest one is notable because it is the first attempt in English,
Cluley said.

It's unclear how the virus is spreading. It doesn't appear to have
been widely sent via spam e-mails, Cluley said, so it may be embedded
in a Web page and spread through a so-called drive-by install, a
method that doesn't require users to actively click on and download an
attachment.

Password Found

After encrypting the data, the Trojan deletes itself. However, the
password to unlock the data is actually contained in the Trojan and is
used in the process of encrypting the files. Technicians at Sophos
extracted the password, which is made to look like a file path
name--C:\Program Files\Microsoft Visual Studio\VC98.

The authors may have used the file path name in order to disguise it
so that it doesn't look like the password, Cluley said.

Sophos has heard indirectly of some infections, but the virus does not
appear to be widespread, Cluley said.

Separately, Sophos has detected another virus that uses a current news
event--the death of suspected war criminal Slobodan Milosevic--to dupe
users into opening a malicious attachment. The spam message claims to
have a photo containing secret evidence about the death of the former
Yugoslav President, who was on trial at The Hague. His sudden death on
Saturday prompted an investigation after he had complained of
inadequate medical treatment.

The viral message claims to have been scanned by "Kaspercky
Antivirus," a misspelling of security vendor Kaspersky Lab. E-mail
messages often contain a notice asserting the message has been scanned
for malware.

The use of current news events to prompt curiosity is a well-used ploy
by virus writers. The virus contained in the Milosevic attachment
tries to download other malicious programs and could give an attacker
control over the computer, Cluley said."

