Finally, a virus that does something interesting

One of the things that's been puzzling infosec types for a long time is why malware is so lame. Typically it just propagates itself, and any damage is purely collateral, a side effect of spreading. It would be easy to do something destructive, so why doesn't it happen more? (Witty is the one well-known counterexample.)

Thus, it comes as something of a relief to see some malware that actually mounts a sort-of-interesting attack:

Washington - Computer users already anxious about viruses and identity theft have a new reason to worry: hackers have found a way to lock up the electronic documents on your computer and then demand $200 (about R1 200) over the Internet to get them back.

Security researchers at the San Diego-based Websense uncovered the unusual extortion plot when a corporate customer they would not identify fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets.

A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files.

Apparently in this case they managed to decrypt the data somehow, but it's merely a matter of time till the viruses get good enough to stop that (hint: public key cryptography).

As always, don't panic. This is just a particularly annoying kind of hard drive crash (actually better in some respects, since you have the opportunity to get your data back for $200; the going rate for standard hard drive failures seems to be more like $300-400). Anyway, the solution is the same: back up your computer. [1]

[1] I've heard suggestions of malware that will contaminate your backups for weeks before finally destroying your data, but I wouldn't expect to see that any time soon. Still, a good reason to do test restores.

2 Comments

It's also, in the grand tradition, an old idea (Cryptovirology).

And virus-extortion is old too, the Pakistani Brain virus did that as well IIRC: "Pay or your data gets it".

Well, if you patch the backup program to encrypt on backup and decrypt on restore, even a test of the restore function doesn't help. - And then, 4 weeks later, just toss the key.
