Taken hostage

By Chris Fernando | Published May 24, 2005

Apparently bored with creating viruses, trojans and phishing e-mails, hackers are taking a new approach by holding files hostage for ransom. According to researchers at San Diego-based security firm Websense, this new trend was unearthed when one of its corporate customers fell victim to an infection. The infection encrypted 15 different types of files, such as documents, images and spreadsheets. A ransom note was also left behind. It included an e-mail address for arranging delivery of a $200 ransom in exchange for the digital keys to unlock the files.

According to Websense, a user’s PC becomes infected when the user visits a malicious web site that exploits a vulnerability in Microsoft Internet Explorer, which allows applications to run without the user’s intervention. The malicious web site then uses the Windows help subsystem and a CHM file to download and run a trojan horse called Trojan.Pgpcoder. This trojan connects to another malicious web site, which hosts an application that encodes files on the user’s local hard disk and on any mapped drives. The malicious code also drops a message onto the system with instructions on how to buy the tool needed to decode the files (see screenshot). This message includes the e-mail address of the hacker to contact for further instructions, and the user is directed to deposit money into an online E-Gold account.

According to both Websense and Symantec, users who are not yet infected can protect themselves from this trojan by disabling any unneeded services such as FTP, telnet and web servers. If any PC on a network is infected, the administrator should disable or block access to that particular computer until a security update has been installed. Enforcing a password policy is also essential, since complex passwords make it difficult to crack password files on compromised computers.

Users should also configure the e-mail server to block or remove e-mails that contain file attachments commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

Leading security and anti-virus firms are updating protective software for companies and consumers to guard against this type of attack, which experts call ‘ransom-ware’. Users of Symantec’s Norton anti-virus can download the latest virus definition files at http://securityresponse.symantec.com/avcenter/defs.download.html. McAfee anti-virus users can download the latest security updates from www.mcafeesecurity.com/us/downloads/default.asp. Users can download patches for the Internet Explorer vulnerability mentioned at www.microsoft.com/technet/security/bulletin/ms05-may.mspx.
