A new kind of threat which locks up files on a PC then demands money in return for unlocking them has been identified. The program, Trojan.Pgpcoder, installs itself on a vulnerable computer after users visit certain websites. It exploits a known vulnerability in Microsoft's Internet Explorer (IE). Net security firm Symantec said the program had not spread quickly, but was another example of rising criminal extortion activity on the net. The malware - harmful software - was first identified by US net security firm Websense.
For help in removing the threat, see the Symantec website.
Get a better browser like Firefox.

The program, once it installs itself unbeknown to a user, triggers the download of an encoder application which searches for common types of files on a computer and networked drives to encrypt. The trojan replaces a user's original files with locked up ones, so that they are inaccessible. It then leaves a "ransom note" in a text file.

Trojan.Pgpcoder
- Website drops and runs a Trojan (downloader-aag)
- Encoding program adds items to the Windows start-up registry
- Creates a status file called "autosav.ini" with information on the files that have been encoded
- Creates a file called tmp.bat in the directory where it was run to delete itself upon completion
- Creates a file called "Attention!!!" with instructions on how to get your files decoded
- Sends an HTTP status request to the server it was downloaded from.
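
As an added example (not from Symantec, Websense or the BBC report), the file artifacts in the list above can be turned into a simple triage sweep of a directory tree. The confidence rule and the sample directory layout are assumptions of this example; the start-up registry entry and the HTTP request are not covered.

```python
import os
import tempfile

# File names from the list above; compared case-insensitively, as Windows does.
EXACT = {"autosav.ini": "status file", "tmp.bat": "self-delete batch"}
NOTE_STEM = "attention!!!"  # ransom note; the page gives no extension


def classify(filename):
    """Return the artifact label for one file name, or None."""
    lower = filename.lower()
    if lower in EXACT:
        return EXACT[lower]
    if os.path.splitext(lower)[0] == NOTE_STEM:
        return "ransom note"
    return None


def sweep(root):
    """Map each directory under root to (labels, confidence) when artifacts are found."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        labels = sorted({label for label in map(classify, files) if label})
        if not labels:
            continue
        # Assumption of this example: tmp.bat is a common name, so on its own
        # it is only a weak signal; any other artifact raises confidence.
        weak = labels == ["self-delete batch"]
        findings[dirpath] = (labels, "low" if weak else "high")
    return findings


def demo():
    """Sweep a constructed directory tree (sample data, not real infection traces)."""
    layout = {
        "docs": ["report.doc", "ATTENTION!!!.txt", "autosav.ini"],
        "build": ["tmp.bat", "make.log"],
        "clean": ["notes.txt"],
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                open(os.path.join(root, sub, name), "w").close()
        return {os.path.basename(d): v for d, v in sweep(root).items()}


if __name__ == "__main__":
    for folder, (labels, confidence) in sorted(demo().items()):
        print(f"{folder}: {confidence} ({', '.join(labels)})")
```

Because tmp.bat is written to the directory the encoder ran from and deletes it on completion, a "low" hit may still be worth a look when the other artifacts turn up elsewhere on the same machine.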
Sources: bbc.co.uk, Symantec and Websense.