
New Virus Operates Through Extortion


Simplex3
06-02-2005, 01:46 PM
I'm an old school hacker. I've been into computer systems I never should have been in (all before I was 18, officer). All we did was look around, enjoy ourselves, then leave a note to the administrator telling them how we broke in so they could fix it. It was about finding and (hopefully) fixing vulnerabilities. These jerkoffs and the script kiddies who seek to do damage and create massive Internet-wide infections should all be taken out back and shot.

http://www.eurekalert.org/pub_releases/2005-06/ns-puo060105.php

Public release date: 1-Jun-2005

Contact: Claire Bowles (UK)
claire.bowles@rbi.co.uk
44-20-7611-1210

Kyre Austin (US)
kyre.austin@reedbusiness.com
1-617-558-4939

New Scientist
Pay up or the PC gets it
Extortion, one of the oldest crimes in the book, has taken on an alarming technological twist. The FBI is warning that computer-savvy criminals have designed a virus that encrypts documents stored on a PC until the owner pays a ransom to unlock them. While the virus has so far only used weak encryption that is easily overcome, the fear is that it could be made tougher and start demanding large sums of money.

The virus searches a victim's hard drive and encrypts any text-based documents it finds there. The existing version then displays a ransom note that demands $200 for supplying the software that will decode the encrypted data so that it can be read again.

The novel attack exploits encryption technology originally designed to protect data, not kidnap it. To add insult to injury, it stores the kidnapped data in front of the victim's eyes, on their own personal computer.

The virus was discovered last week by the web-filtering company Websense of San Diego, California, when one of its clients' computers became infected. The malicious code is designed to take advantage of a vulnerability in the victim's web browser to download itself onto their hard drive.

Despite having the filename Pgpcoder, the virus does not use the popular and highly secure encryption algorithm, Pretty Good Privacy (PGP). The name may have been designed to hide the true nature of the file or perhaps to besmirch PGP's good name with the digerati.

Once Pgpcoder has infected a computer, it searches the victim's hard drive for 15 common file types to encode, including Word, Excel and html files. A message then appears demanding money for the decoder.

"It's just another version of extortion," says Dan Hubbard, director of security and defence at Websense. He would not reveal any details of the FBI investigation into what he calls "ransomware", but did point out that a rather obvious weakness in the attack is that the ransom includes a contact email address and an electronic cash account number, both of which could be traced. "This is the only case so far," Hubbard says, and the encryption algorithm it used was not very sophisticated. By reverse engineering the algorithm, Joe Stewart, a computer security consultant with Chicago-based IT firm Lurhq, was able to write a decoder that allowed the encrypted data to be recovered. The danger now is that the virus writers might turn to using strong military-grade encryption systems instead. "That would make it impossible to decrypt the files," Stewart says, leaving people with little option but to pay up.

The best defence against such attacks is to buy antivirus software and keep it up to date, and ensure that the latest operating system and browser security patches are installed. And with webmail services like Gmail offering 2 gigabytes of free storage, it doesn't hurt to back up precious documents elsewhere. This is not the first time "malware" has been written to extort cash. Criminals have tried, and in some cases succeeded, in blackmailing internet betting firms by threatening to bring down their websites with a so-called distributed denial of service attack. The new virus differs in that it targets individual users. Criminals are increasingly turning to malware to make money, Stewart says. One recent instance he quotes is a worm called Myfip, which targets a company's product designs and emails them to product counterfeiters in China.

###

IF REPORTING ON THIS STORY, PLEASE MENTION NEW SCIENTIST AS THE SOURCE AND, IF PUBLISHING ONLINE, PLEASE CARRY A HYPERLINK TO: http://www.newscientist.com

"This article is posted on this site to give advance access to other authorised media who may wish to quote extracts as part of fair dealing with this copyrighted material. Full attribution is required, and if publishing online a link to http://www.newscientist.com is also required. The story below is the EXACT text used in New Scientist, therefore advance permission is required before any and every reproduction of each article in full. Please contact celia.thomas@rbi.co.uk. Please note that all material is copyright of Reed Business Information Limited and we reserve the right to take such action as we consider appropriate to protect such copyright."

THIS ARTICLE APPEARS IN NEW SCIENTIST MAGAZINE ISSUE: 4 JUNE 2005

Author: DUNCAN GRAHAM-ROWE
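A defender-side check for the failure mode the article describes (text-based documents on the disk silently replaced by ciphertext), as an added example that is not part of the original post or of any tool named in it: walk a directory and flag files with a text-type extension whose byte entropy is far above what plain text shows. The extension list, the 7.0 bits/byte threshold and the sample files are assumptions constructed for the example.

```python
import math
import os
import tempfile

# Assumed set of text-based document types; the article names html among the
# targeted file types but does not list all 15.
TEXT_EXTENSIONS = {".txt", ".html", ".htm", ".csv", ".xml"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, 8.0 max."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Plain text rarely exceeds ~5 bits/byte; ciphertext approaches 8.
    Very short files are skipped because their entropy is not meaningful."""
    return len(data) >= 64 and shannon_entropy(data) >= threshold

def scan_tree(root: str, threshold: float = 7.0) -> list:
    """Return paths of text-typed files under root whose contents look encrypted."""
    suspicious = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if looks_encrypted(fh.read(), threshold):
                    suspicious.append(path)
    return sorted(suspicious)

def demo() -> list:
    """Build a constructed sample tree and scan it; returns the flagged file names."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.html"), "wb") as fh:   # ordinary document
            fh.write(b"<html><body>" + b"Quarterly report draft. " * 20 + b"</body></html>")
        with open(os.path.join(root, "budget.txt"), "wb") as fh:   # stands in for ciphertext
            fh.write(os.urandom(4096))
        with open(os.path.join(root, "photo.jpg"), "wb") as fh:    # media is high-entropy by nature
            fh.write(os.urandom(4096))
        return [os.path.basename(p) for p in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

Compressed or media formats are naturally high-entropy, which is why the extension filter matters; a hit is a prompt to compare the file against the backup copy the article recommends keeping, not proof of infection on its own.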

Baby Lee
06-02-2005, 01:52 PM
And my crappy Zip 750 earns its keep again. 750MB isn't the height of storage, but it's sufficient to hold everything I've created from a document/spreadsheet since I first got my 1st 286. And all I have to do is slide the disc in when I'm creating, and pop it out when I'm done.

HC_Chief
06-02-2005, 02:20 PM
This is one stupid idea. It's basically like robbing someone and making them pay you by check.

Simplex3
06-02-2005, 02:22 PM
This is one stupid idea. It's basically like robbing someone and making them pay you by check.
Unless that check goes to Malaysia or Thailand, where the govt. could give a f**k less as long as you bribe the cop that might catch you.

htismaqe
06-02-2005, 02:35 PM
Extortion is the name of the game right now.

DDoS is the main mechanism, but I figured viruses that would facilitate it wouldn't be far behind.

Count Zarth
06-02-2005, 06:45 PM
YOUR MONEY OR YOUR PORN!