Ransomware demands visit to druggist
by Stan Beer
Friday, 12 May 2006
According to Adam Biviano, premium services manager at Trend Micro Australia and New Zealand, this tactic may be the sign of things to come. “Like any malware, this trojan is just another point in the overall threat landscape”, says Biviano. “But with the culmination of phishing, spyware, and spam, in addition to the ‘ransom note’, it seems to follow the larger emerging trend we’ve seen over the past year, whereby many different types of threats are employed simultaneously.” Biviano adds that as the security industry continues to make gains against spam – the method by which most online pharmacies reach their target audience – these illegitimate businesses will naturally try to find new ways to make money.

TROJ_ARHIVEUS.A works by accessing the files in the user's ‘My Documents’ folder, bringing together the contents into one encrypted file, ‘EncryptedFiles.als’, then deleting the originals. It also drops two new files on the user’s system, which are necessary to restore the original content.

The so-called ‘ransom note’ begins by warning the user not to bother calling police or taking any other defensive action, lest their files be rendered unrecoverable. And like most such messages, the tone is harsh and controlling throughout the bulk of the text. But what makes TROJ_ARHIVEUS.A unique is the dramatic shift at the end. The tone suddenly becomes positive and upbeat, with “WE DO NOT ASK YOU FOR ANY MONEY! We only want to do business with you. You can even EARN extra money with us.”

“Regardless of the tone, extortion is still extortion”, adds Biviano, commenting on the note’s message that making a purchase with the online pharmacy is the ‘only way’ to restore one’s files. “Whether through the forced purchase of a product, or by just sending money directly, the writer is still forcing people to pay to regain what is theirs.”

Trend Micro advises users to ignore the message within this malware, and contact their security vendor for the safe removal of this trojan, as well as the recovery of the user’s files.

According to Biviano, many of the ransom note’s claims simply are not true. “Through a bit of reverse engineering, we can determine the password ourselves”, said Biviano. “Despite this writer’s claim that the encryption program is no longer on your hard drive, it is – it has to be, since it is necessary to extract the files.”
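The consolidate-then-delete behaviour described above (one new encrypted file appears, then the originals in ‘My Documents’ are deleted) leaves a distinctive trace in file-activity logs. The following detector is an added example, not code from the article or from Trend Micro; the log format, the sample lines and the thresholds are all constructed for illustration.

```python
"""Heuristic detector for the pattern described for TROJ_ARHIVEUS.A:
a single file is created, and within a short window many files under
'My Documents' are deleted. Log format and sample lines are constructed."""
from datetime import datetime, timedelta

# Constructed file-activity log: "<ISO timestamp> <CREATE|DELETE> <path>"
SAMPLE_LOG = """\
2006-05-12T09:00:01 CREATE C:\\Docs\\My Documents\\EncryptedFiles.als
2006-05-12T09:00:02 DELETE C:\\Docs\\My Documents\\budget.xls
2006-05-12T09:00:02 DELETE C:\\Docs\\My Documents\\letter.doc
2006-05-12T09:00:03 DELETE C:\\Docs\\My Documents\\photo1.jpg
2006-05-12T09:00:03 DELETE C:\\Docs\\My Documents\\photo2.jpg
2006-05-12T09:00:04 DELETE C:\\Docs\\My Documents\\thesis.doc
2006-05-12T10:30:00 CREATE C:\\Docs\\My Documents\\notes.txt
2006-05-12T10:31:00 DELETE C:\\Docs\\My Documents\\old.txt
"""


def parse(log_text):
    """Turn each log line into (timestamp, action, path); paths may contain spaces."""
    events = []
    for line in log_text.splitlines():
        ts, action, path = line.split(" ", 2)
        events.append((datetime.fromisoformat(ts), action, path))
    return events


def find_consolidation(events, window=timedelta(seconds=60), min_deletes=5):
    """Return (created_path, deleted_count) for every CREATE that is followed,
    within `window`, by at least `min_deletes` DELETEs under 'My Documents'.
    A normal edit session (one create, one delete) stays below the threshold."""
    hits = []
    for ts, action, path in events:
        if action != "CREATE":
            continue
        deleted = [p for t, a, p in events
                   if a == "DELETE"
                   and ts <= t <= ts + window
                   and "my documents" in p.lower()]
        if len(deleted) >= min_deletes:
            hits.append((path, len(deleted)))
    return hits


if __name__ == "__main__":
    for created, n in find_consolidation(parse(SAMPLE_LOG)):
        print(f"suspicious: {created} created, then {n} My Documents files deleted")
```

On the constructed log this flags only the EncryptedFiles.als creation; the later notes.txt edit, with one deletion, is ignored.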