28 April 2006
Ransom Trojan horse demands money with menaces
[Image caption: The Trojan horse holds data hostage until a ransom is paid.]
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users about a Trojan horse that prevents victims from accessing their computer data and asks for ransom to be paid via Western Union.
The Troj/Ransom-A Trojan horse threatens to delete one file belonging to the innocent user every 30 minutes, until the $10.99 ransom demand is fulfilled.
Upon activation the Trojan horse displays some pornographic images, as well as the following message:
is this computer valuable. it better not be. is this a business computer. it better not be. do you keep important company records or files on this computer. you'd better hope not. because there are files scattered all over it tucked away in invisible hidden folders undetectable by antivirus sofware the only way to remove them and this message is by a CIDN number
The Trojan horse continues to explain that a "CIDN number" can be acquired by making a payment via Western Union to the hacker. Once the number has been entered, the Trojan promises to remove itself and restore access to the stolen files.
"This Trojan horse is designed to take your data hostage, and tries to scare users into paying up quickly by threatening to wipe files one-by-one. Our concern is that this may be the beginning of a growing trend of malware designed to extort money from innocent users," said Graham Cluley, senior technology consultant for Sophos. "Ransomware like this underlines the importance for every computer user to make regular backups of their important data, and to defend their computers with up-to-date security software."
Sophos experts note that the Trojan horse circumvents attempts to remove it from infected computers once it has activated. If the affected user presses Ctrl-Alt-Del in an attempt to stop the Trojan horse running, another message is displayed:
"Curiously, the malware author doesn't appear to have a lot of confidence in his Trojan horse working properly as he suggests victims contact him at a Yahoo email address if they have a problem uninstalling the Trojan once they have paid up," continued Cluley.
In March, Sophos reported on a Trojan horse that encrypted victims' data and demanded $300 for the password to unlock the information. Sophos experts analysed the malware and published the password, foiling the villain's plans.
Sophos recommends that companies protect their email with a consolidated solution that thwarts virus, spyware and spam threats, and secure their desktops and servers with automatically updated anti-virus protection.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com