25 May, 2005

Miscreants encrypt files, hold them for ransom -ZdNet

In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information. The attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer Web browser. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim's PC and mapped network drives, according to Websense. The program then drops a ransom note.

Attackers could use e-mail, a Web site, or other means to distribute the Trojan.Pgpcoder and launch a widespread extortion campaign. Attackers leave a trail if they ask for money. This type of attack is not that difficult to perform. However, in order to collect money the attackers are leaving themselves open to investigation and tracing.

No comments: