News

Attack uses Microsoft flaw to hold electronic files hostage

"Ransom-ware" is uncommon, but uses a disturbing method to extract money from enterprises. Learn how to protect your company.

SearchSecurity.com Staff

A new attack uses an unpatched Internet Explorer flaw to install a Trojan that essentially then holds computer...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

files on infected systems hostage.

Users become infected by browsing a malicious Web site if they haven't applied Microsoft

More on spyware

Survey: Spam is out, what's in?
IT managers don't care about spam, according to a new report. What has their complete attention now?

Viruses 'a thing of the past'
Two new quarterly reports from AV vendors McAfee and Kaspersky say mass-mailer viruses are no longer the biggest threat. Guess what is.

patch MS04-023. The site uses the Windows help subsystem and a .chm file to upload a Trojan that Websense Security Labs called Download-AAG. It then connects to another malicious site for further instructions, which encodes files on the user's local hard disk and mapped drives and drops a message into the system that tells the infected user how to buy the decoder through an online E-Gold account.

San Diego-based Websense said it has received several reports of the attack from its customers.

The Associated Press reported that this type of attack has been dubbed "ransom-ware" and that the attacker demands $200 for the decoding software. The AP said Websense discovered the attack when an unidentified corporate customer fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets. The article reports that the attack encoded at least 15 different types of data files.

The IE flaw was labeled "critical" by Microsoft when it was released last July. Experts recommend vulnerable IE users apply the patch immediately. Vulnerable versions include:

Windows 2000 SP2, SP3 and SP4
Windows XP and Windows XP SP1
Windows XP 64-Bit Edition SP1
Windows XP 64-Bit Edition Version 2003
Windows Server 2003
Windows Server 2003 64-Bit Edition

Antivirus provider Symantec identifies the malware as Trojan.Pgpcoder and ranked it a low threat because it is not self-propogating. However, the AV vendor acknowledged the malware represents a growing trend among "for-profit" online criminals. "This Trojan horse is certainly an example of using cryptography for malicious purposes," said Oliver Friedrichs, senior manager of Symantec Security Response, in a statement. "It is the equivalent of someone coming into your home, locking your valuables in a safe and refusing to give you the combination."

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Resources

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.