
May 24, 2005 11:16 AM PDT

Miscreants encrypt files, hold them for ransom

In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information.

In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer Web browser. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim's PC and mapped network drives, according to Websense. The program then drops a ransom note.

Even though this type of attack is not widespread at this point, Internet users should be aware of the threat, said Oliver Friedrichs, a senior manager at Symantec Security Response. "It is certainly concerning. This is the first time that we have seen cryptography used in this type of attack to hold your information hostage," he said.

"I would see this as the equivalent of somebody coming into your house, putting your valuables in a safe and not telling you the combination," Friedrichs said.

Researchers at Symantec have seen the malicious program used in the ransom attack. The "Trojan.Pgpcoder" searches a victim's hard disk drive for 15 common file types, including images and Microsoft Office file types. It then encrypts the files, removes the originals and drops a note asking $200 for the encryption key, Friedrichs said.
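The behaviour described above (files of common types replaced by ciphertext, the originals removed, a ransom note dropped alongside) gives a defender something concrete to look for after the fact. The following Python script is an added example, not code from CNET, Websense or Symantec: it walks a directory tree, flags files whose extension promises a known header (JPEG, PNG, OLE2 Office documents, ZIP) that is missing while the content is near-random, and flags small text files that read like a ransom demand. The magic-byte table, the 7.5 bits-per-byte entropy threshold and the sample files it builds in a temporary directory are all constructed for this example.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes for a few of the common file types the article says the
# Trojan targets. Constructed shortlist; a real scanner uses a much larger
# signature table.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file (Office 97-2003)
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".zip": b"PK\x03\x04",
}

ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext sits close to 8.0 (assumed cut-off)
HEAD_BYTES = 65536       # the head of a file is enough for header and entropy checks


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, ext: str) -> bool:
    """True when the extension promises a header the data lacks and the
    bytes are near-random. Files with the expected header are trusted even
    if they are high-entropy (JPEG and ZIP content is compressed)."""
    if not data:
        return False
    magic = MAGIC.get(ext)
    if magic is not None and data.startswith(magic):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def looks_like_ransom_note(data: bytes, ext: str) -> bool:
    """Crude ransom-note heuristic: a small text file that mentions
    decryption and a dollar amount, as the note in the article does."""
    if ext != ".txt" or len(data) > 4096:
        return False
    lowered = data.lower()
    return b"decrypt" in lowered and b"$" in lowered


def scan_tree(root: str) -> dict:
    """Walk `root` and return relative paths of suspected ciphertext files
    and suspected ransom notes, each list sorted for stable output."""
    encrypted, notes = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(HEAD_BYTES)
            rel = os.path.relpath(path, root)
            if looks_encrypted(head, ext):
                encrypted.append(rel)
            if looks_like_ransom_note(head, ext):
                notes.append(rel)
    return {"encrypted": sorted(encrypted), "ransom_notes": sorted(notes)}


def build_sample_tree() -> str:
    """Create a constructed victim directory in a temp folder and return its path."""
    root = tempfile.mkdtemp(prefix="pgpcoder_demo_")
    noise = bytes(range(256)) * 8  # exactly 8.0 bits/byte, stands in for ciphertext
    samples = {
        "photo.jpg": MAGIC[".jpg"] + noise,                 # intact: header present
        "memo.doc": MAGIC[".doc"] + b"Quarterly memo text.",  # intact: header present
        "report.doc": noise,                                # header gone, random bytes
        "todo.txt": b"Meeting at 10am. Bring the quarterly figures.",
        "ATTENTION.txt": b"Your files were encrypted. Pay $200 for the decryption key.",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


def demo() -> dict:
    """Build the sample tree, scan it and return the findings."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The header check runs before the entropy check on purpose: compressed formats such as JPEG and ZIP score near 8 bits per byte on their own, so entropy alone would flag every photo on the disk. A file with an extension outside the table is judged on entropy only, so archives saved under unusual extensions will produce false positives. This is a triage aid for an incident responder, not prevention; the article's advice about patching and the commenters' advice about offline backups are what actually limit the damage.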

A Websense customer fell victim to the attack. Luckily, in this case the encryption wasn't very sophisticated and Websense was able to decode the customer's files, said Dan Hubbard, senior director of security and research at Websense. "In this case we could help, but every variant can be different," he said.

Attackers could use e-mail, a Web site, or other means to distribute the Trojan.Pgpcoder and launch a widespread extortion campaign, Symantec's Friedrichs said.

Websense, however, doesn't see a trend yet. Attackers leave a trail if they ask for money, Hubbard said: "This type of attack is not that difficult to perform. However, in order to collect money the attackers are leaving themselves open to investigation and tracing."

For protection, users should run security software and make sure that their software is patched, Websense and Symantec said. The Internet Explorer flaw exploited to attack the user in the Websense case was patched in July last year.

The Websense customer was victimized two weeks ago. The Web sites involved in the attack have since been taken down.


16 comments
Does this affect Macs?
by May 24, 2005 1:17 PM PDT
... I didn't think so. Thanks.
Another reason NOT to use IE
by wazzledoozle May 24, 2005 5:20 PM PDT
This is the true drive by attack.
The obvious solution
by May 24, 2005 10:45 PM PDT
It is odd that the article doesn't even mention the most obvious
solution to this problem: BACKUP ALL IMPORTANT FILES.
Preferrably to a removable media like CD-R or DVD-R. Then when
the file is hosed (by mistake or maliciously) you can just grab the
backup and laugh at the intruders.

Oh, and death penalty for Trojan/Virus writers may help curb some
of the little creeps as well.
Miscreants_Encrypt_Files - Earlier Experience
by Transaction7 May 25, 2005 3:58 AM PDT
I encountered such an encryption attack at my law office several years ago, in which different files on the same hard drives and floppy disks were encrypted with different programs. That time, we discovered that, on the same hard and floppy disks, certain files had been converted from WordPerfect 5.1 (DOS) to WordStar 4, Navy DIF, and other programs for which we had no software. This did involve an old-fashioned burglary, though the local police insisted it had not and that this had resulted from a power surge!

We later learned who had done this, and recovered some paper files he had also stolen, after the statute of limitations had run. He had been recommended highly to us by lawyers, a judge, and a university department head, etc. His father found and returned some stolen hard copies of documents, as well as finding the newsletter addressed and mailed to the culprit by a national organization of child molesters. Two credible people have identified him as the perpetrator of sex crimes against them, but, in the local legal environment, wouldn't report it. He has two college degrees and may now be practicing law somewhere but I have not found him on line yet. I will provide his name to anyone with a legitimate investigative need.

PETER S. CHAMBVERLAIN
1309 Hunt Street
Commerce, Texas 75428-2916
peterschamberlain@earthlink.net
(903)886-2323
CELL: (903)366-6926
HA HA
by May 25, 2005 6:37 AM PDT
I laugh when something happens to someone's 'critical files'; the first question I ask is: 'Did you have it backed up?'

99% of the time in a non-corporate environment the answer is: 'Back up?' 'How was I supposed to do that?'

90% of the people I ask in a corporate environment say 'No', even though they have mapped network drives to personal space on a server that is backed up nightly. On a side note, those same users have absolutely nothing on their network drives.... everything is saved under My Documents.....LOL

I do not feel sorry for anyone that is affected by these sorts of attacks, because if you'd had anti-virus with updated definitions and used the Microsoft firewall, you'd be protected.

And to all those of you who would say 'Microsoft sucks! I never get attacked':

Well, Microsoft is the big guy on top of the hill and everyone wants to take him down so they can be 'king of the hill'. What they fail to realise is that as soon as someone else takes over that spot, they will become the primary target for attack. Lots of people proudly walked around saying I don't have problems now because I use FireFox....I think a virus about a week later shut those people up. Every piece of software is going to have a vulnerability regardless of whether it's open source or proprietary.

I'm more in love with Microsoft than my own wife! Microsoft has provided me with the tools and knowledge I need to be successful in this crazy world we live in. My wife just nags about her allowance and other mindless drama that wives talk about while I'm out bringing home the bacon, so to speak.
Another "half-of-the-story" story
by aabcdefghij987654321 May 25, 2005 6:47 AM PDT
Which flaw in IE? Is there a patch for the flaw that the victim has failed to install?

These are questions that should be answered in the story but lazy reporters obviously don't care.