
May 24, 2005

Finally, a virus that does something interesting

One of the things that's been puzzling infosec types for a long time is why malware is so lame. Typically it just propagates itself, and any damage is purely collateral, a side-effect of spreading. It would be easy to do something destructive, so why doesn't it happen more? (Witty is the one well-known counterexample.)

Thus, it comes as something of a relief to see some malware that actually mounts a sort-of-interesting attack:

Washington - Computer users already anxious about viruses and identity theft have a new reason to worry: hackers have found a way to lock up the electronic documents on your computer and then demand $200 (about R1 200) over the Internet to get them back.

Security researchers at the San Diego-based Websense uncovered the unusual extortion plot when a corporate customer they would not identify fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets.

A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files.

Apparently in this case they managed to decrypt the data somehow, but it's merely a matter of time till the viruses get good enough to stop that (hint: public key cryptography).

As always, don't panic. This is just a particularly annoying kind of hard drive crash (actually better in some respects, since you have the opportunity to get your data back for $200; the going rate for standard hard drive failures seems to be more like $300-400). Anyway, the solution is the same: back up your computer.[1]

[1] I've heard suggestions of malware that will contaminate your backups for weeks before finally destroying your data, but I wouldn't expect to see that any time soon. Still, a good reason to do test restores.

Posted by ekr at May 24, 2005 9:23 AM

Comments

It's also, in the grand tradition, an old idea (Cryptovirology).

And virus-extortion is old too, the Pakistani Brain virus did that as well IIRC: "Pay or your data gets it".

Posted by: Nicholas Weaver at May 24, 2005 10:00 AM

Well, if you patch the backup program to encrypt on backup and decrypt on restore, even a test of the restore function doesn't help. - And then, 4 weeks later, just toss the key.

Posted by: Sec at May 25, 2005 2:29 AM
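The footnote's test-restore advice and Sec's point that a restore path under the attacker's control can mask the damage both argue for checking the backup out of band. As an added example, not code from the original post or its commenters, this Python script records hashes of the source files independently of the backup program, then reads the copies as they sit on the backup media (not through restore) and flags modified copies that look like ciphertext; the file names, the random-bytes stand-in for ciphertext and the 7.5 bits/byte threshold are assumptions.

```python
import collections
import hashlib
import math
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def manifest(root):
    # Relative path -> SHA-256 of each source file, taken with plain reads, never via
    # the backup program; keep this record offline so a patched tool cannot rewrite it.
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def shannon_entropy(data):
    # Bits per byte: plain documents sit well below 7.5, ciphertext lands near 8.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(data).values())

def verify_store(expected, store_root, entropy_threshold=7.5):
    # Read the files as they sit in the backup store, bypassing the restore path, so a
    # tool that decrypts on restore cannot hide what it actually wrote to the media.
    findings = []
    for rel, digest in expected.items():
        p = Path(store_root) / rel
        if not p.is_file():
            findings.append((rel, "missing"))
        elif sha256_file(p) != digest:
            high = shannon_entropy(p.read_bytes()) > entropy_threshold
            findings.append((rel, "modified, high entropy (encrypted?)" if high else "modified"))
    return findings

def demo():
    # Constructed scenario: a source tree, a faithful store copy, and a store copy that
    # holds random bytes of the same length as a stand-in for ciphertext.
    base = Path(tempfile.mkdtemp())
    src, good, bad = base / "src", base / "store_good", base / "store_bad"
    for d in (src, good, bad):
        (d / "docs").mkdir(parents=True)
    text = b"Quarterly figures, do not lose this file.\n" * 120
    (src / "docs" / "q1.txt").write_bytes(text)
    (good / "docs" / "q1.txt").write_bytes(text)
    (bad / "docs" / "q1.txt").write_bytes(os.urandom(len(text)))
    m = manifest(src)
    return verify_store(m, good), verify_store(m, bad)
```

The manifest only helps if it is stored where the backup program cannot touch it, for example on offline media written by a separate tool.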