Attack uses Microsoft flaw to hold electronic files hostage

"Ransom-ware" is uncommon, but uses a disturbing method to extract money from enterprises. Learn how to protect your company.

A new attack uses an unpatched Internet Explorer flaw to install a Trojan that then essentially holds computer files on infected systems hostage.

Users become infected by browsing a malicious Web site if they haven't applied Microsoft patch MS04-023. The site uses the Windows help subsystem and a .chm file to upload a Trojan that Websense Security Labs called Download-AAG. The Trojan then connects to another malicious site for further instructions, encodes files on the user's local hard disk and mapped drives, and drops a message into the system that tells the infected user how to buy the decoder through an online E-Gold account.

San Diego-based Websense said it has received several reports of the attack from its customers.

The Associated Press reported that this type of attack has been dubbed "ransom-ware" and that the attacker demands $200 for the decoding software. The AP said Websense discovered the attack when an unidentified corporate customer fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets. The article reports that the attack encoded at least 15 different types of data files.

The IE flaw was labeled "critical" by Microsoft when it was released last July. Experts recommend vulnerable IE users apply the patch immediately. Vulnerable versions include:

  • Windows 2000 SP2, SP3 and SP4
  • Windows XP and Windows XP SP1
  • Windows XP 64-Bit Edition SP1
  • Windows XP 64-Bit Edition Version 2003
  • Windows Server 2003
  • Windows Server 2003 64-Bit Edition

Antivirus provider Symantec identifies the malware as Trojan.Pgpcoder and ranked it a low threat because it is not self-propagating. However, the AV vendor acknowledged the malware represents a growing trend among "for-profit" online criminals. "This Trojan horse is certainly an example of using cryptography for malicious purposes," said Oliver Friedrichs, senior manager of Symantec Security Response, in a statement. "It is the equivalent of someone coming into your home, locking your valuables in a safe and refusing to give you the combination."
