Security features

Your Money or Your Data
March 17, 2006

We've seen something like this a couple of years ago. Then, scoundrels were threatening businesses with denial of service attacks if they didn't pony up some protection money.

Now the easy money crowd has branched out in a disturbing new direction.

Like the sight of money? So do malware coders nowadays.

Reports of a new Trojan have started to hit the web, and it doesn't bode well for those that take the security of their PC's lightly. Targeting individuals, the new bug takes an exceptionally cruel bite out of its victims by encrypting their files. The only way to free them again is to pay up.

Users whose systems are infected Zippo-A (or CryZip) will find that their files have been packed into an encrypted archive. To release the data, the Trojan's coders were kind enough to leave instructions on where to "wire the money."

But accompanying those instructions are words that delivers bit of sting because they carry an element of truth. According to this internetnews.com report, users are treated to this little admonishment:

"Your computer catched our software while browsing illigal porn pages, all your documents, text files, databases was archived with long enought password."

Of course, their spelling and grammar could use some help, but there you have it, avoid those dark recesses of the Internet! Even if you don't visit online peepshows, always be wary of unknown sites and take special care of the files you download and the e-mail attachments you launch.

Note: Any opinions expressed below are solely those of the individual posters on the AntiOnline forums.

Spotlight Thread:
This Is New... Ransom Trojans

A word of warning from user Sm0kinP0t:

One could think the usual Trojan would always have the same purpose (z0mbies, credit and other data theft, DoS and so on...), but the folks at Sophos have found a new sort of Trojan, one that focuses malicious actions on password-encrypting documents, spreadsheets and database files only to later ask the victim for a $300 payment to an E-Gold account...

nihil reminds the group about the only reliable protection against data loss:

These first started to show up at the beginning of last year. They didn't seem to catch on, probably because it is difficult to actually collect the money without getting caught.

If you think about it, this is no big deal. If you got a virus that wiped out your data, you would be in the same position.

The answer is to have backups.

thehorse13 warns not to overlook other methods that may not sound as exciting but are still intended to cause financial harm nonetheless.

...truly new attack vectors focus on primitive tools. Why use a keylogger when the person throws the sought-after data into the garbage without shredding it?

I'd concentrate on low-tech vectors such as dumpster diving. These classic attack vectors are beginning to see an increase in use. Same for war dialing.

When we shift focus as a security community, the bad guys always look for the path of least resistance.

On the tech side of things, leveraging services such as DNS to sneak data in and out of environments is on the rise. Encrypted throttled sessions is another fabulous vector. Hiding in the white noise of network traffic is next to impossible to detect.

How do you handle hostage takers? Discuss it here.

Learn How to Develop a Security Policy for Your Organization to Keep Threats at Bay
Whitepaper: Converging System and Data Protection--Get it now!
NAC? NAP? IPSEC? SSL-VPN? What�s the best bet for maintaining endpoint security on your network?
Whitepaper: Securing Your Enterprise Applications with the BIG-IP--Get it now!
Whitepaper: Continuous Data Protection for Better Backup--Get it now!