Ransomware

Posted on June 7, 2006
Filed Under Internet, Security, Software

Just when you think that the computer virus and spyware/adware authors couldn’t possibly come up with anything more conniving than what is already out there, along comes something like ransomware.

Until recently, viruses have run the gamut from popping up frivolous messages to doing real damage to the victim’s data. Spyware, and in particular adware, has been used to advertise products without a user’s consent, but ransomware is actually used to extort money from unwitting victims.

Ransomware first appeared a little more than a year ago. Picked up by visiting hijacked web sites or installing questionable software, the original versions were somewhat benign.

The ransomware would pop up a warning that the computer is infected with some type of spyware/adware or other nastiness. In order to rid the computer of the problem, all the user need do is buy a subscription to a full version of some antispyware product. Once purchased, the problem seemingly goes away – until the subscription runs out.

The trouble is that the pop ups were bogus – simply empty threats that the computer had become infected in order to extort money. The software the user purchases simply stops the warnings from popping up.

Last week the Arhiveus (also known as MayAlert) virus appeared, taking the concept of ransom one step further.
Arhiveus collects all the files in a user’s “My Documents” folder into a single file, deletes the original files, and then encrypts the single file it created.

Arhiveus then creates a plain text document named “INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt” that directs the user to purchase from an online pharmacy and send the order confirmation to an email address. Seemingly, a password will then be sent to the user which will allow the encrypted file to be opened and the documents to be retrieved.
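A triage check for the traces described above, as an added example that is not part of the original post: it looks for the instructions file by name and reports whether one file now makes up nearly all of that folder. It assumes the note sits in the same folder as the combined file; the function names, the 0.9 threshold and the sample file names are hypothetical.

```python
import os
from pathlib import Path

# Note filename as given in the post; compared case-insensitively.
NOTE_NAME = "INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt"

def scan_for_arhiveus_traces(root, dominance=0.9):
    """Return one finding per directory under root that holds the note."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        notes = [f for f in filenames if f.lower() == NOTE_NAME.lower()]
        if not notes:
            continue
        others = []  # (size, name) of every non-note file in this folder
        for name in filenames:
            if name in notes:
                continue
            try:
                others.append(((Path(dirpath) / name).stat().st_size, name))
            except OSError:
                continue  # unreadable or vanished file: keep scanning
        total = sum(size for size, _ in others)
        largest = max(others, default=None)
        share = largest[0] / total if total else 0.0
        findings.append({
            "directory": dirpath,
            "note": notes[0],
            "largest_file": largest[1] if largest else None,
            # Assumption: one file holding >= `dominance` of the bytes
            # suggests the originals were replaced by a single combined file.
            "collapsed": share >= dominance,
        })
    return findings

def build_constructed_sample(base):
    """Constructed layout for testing: one affected folder, one clean one."""
    hit, clean = Path(base) / "My Documents", Path(base) / "Other"
    hit.mkdir()
    clean.mkdir()
    (hit / NOTE_NAME).write_text("constructed note text")
    (hit / "combined.bin").write_bytes(b"\0" * 4096)  # hypothetical name
    (hit / "desktop.ini").write_bytes(b"x" * 16)
    (clean / "report.doc").write_bytes(b"y" * 100)
    return str(hit)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(scan_for_arhiveus_traces(tmp))
```

A finding with `collapsed` set is a prompt to preserve the folder and restore from backup, not proof of infection.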

Symantec reported last week on the appearance of what it names Trojan.Randsom.A. Randsom.A, while relatively harmless, advises the user that files are being hidden on the computer and are being deleted one by one every 30 minutes.

What’s extraordinary about Randsom.A is that it instructs the user to send $10.99 to an account by Western Union. Randsom.A instructs the user to input a code from the Western Union receipt to uninstall the threat.

As always, regular backups and up-to-date virus and spyware/adware protection are the best defense.

Neither Arhiveus nor Randsom.A is widespread, but they are noteworthy. It can simply be mind-boggling to learn what some people will do to make money on the Internet. These two ransomware dangers are no exception.

What will they think of next?
