| Forums.Sureshkumar.net : A Perfect Place to Share Knowledge Blogs Games Magazines |
#1 (permalink) |
|
Technical GURU
Join Date: Feb 2006
Location: India
Posts: 805
Thanks: 4
Thanked 19 Times in 15 Posts
Blog Entries: 2
Rep Power: 14
|
HI,
A Trojan is loose that locks up files and then demands a $300 ransom to return access, several security firms said Thursday, but at least two have discovered the password needed to free the files.

Dubbed "Cryzip" by some anti-virus vendors and "Zippo.a" by others, the Trojan archives 44 file types -- including .doc (Microsoft Word), .pdf (Adobe Acrobat), and .jpg (images) -- with a ZIP library, then password-protects the files and deletes the originals.

A "ransom note" is left on the machine, and reads in part: "Do not try to search for a program what encrypted your information - it is simply do not exists in your hard disk anymore. If you really care about documents and information in encrypted files you can pay using electonic [sic] currency $300.

"Reporting to police about a case will not help you, they do not know password."

At least two security firms, however, have dug up the password, which was left in plain view within one of the DLL files dropped by the Trojan. According to both Sophos and LURHQ, the password is:

C:\Program Files\Microsoft Visual Studio\VC98

"Because this string often appears inside projects compiled with Visual C++ 6, the author likely figured anyone who found the infecting DLL and examined its strings looking for the password would simply overlook it,"

"There should be no need for anyone to pay the reward," said Graham Cluley, a senior technology consultant with Sophos, in a separate statement. "It looks like this password was deliberately chosen by the author in an attempt to fool analysts into thinking it was a directory path instead."

Victims can use any ZIP utility to unlock the files with the password.

Ransom-like attacks, labeled "ransomware," are rare. The last full-fledged attack was in May 2005 when another security company, California-based Websense, spotted a Trojan that demanded $200 for a decryption key.
__________________
BINNY
|
#2 (permalink) |
|
Moderator
Join Date: Feb 2006
Posts: 1,413
Thanks: 0
Thanked 9 Times in 8 Posts
Rep Power: 18
|
hello
COOOOOOOOOOOOOL BYE SOWMYA
__________________
http://livetolead.blogspot.com/ all the best Arise Awake N Stop Not Until Ur Goal Is Reached! |
|
#3 (permalink) |
|
Senior Member
Join Date: Mar 2006
Location: India
Posts: 145
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 4
|
gr8 senses