|The Trojan horse holds data hostage until a
ransom is paid.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
users about a Trojan horse that prevents victims from accessing
their computer data and asks for ransom to be paid via Western
The Troj/Ransom-A Trojan
horse threatens to delete one file belonging to the innocent user
every 30 minutes, until the $10.99 ransom demand is fulfilled.
Upon activation the Trojan horse displays some pornographic
images, as well as the following message:
listen up muthafucka
is this computer valuable. it better not be. is this a business
computer. it better not be. do you keep important company records
or files on this computer. you'd better hope not. because there are
files scattered all over it tucked away in invisible hidden folders
undetectable by antivirus sofware the only way to remove them and
this message is by a CIDN number
The Trojan horse continues to explain that a "CIDN number" can
be acquired by making a payment via Western Union to the hacker.
Once the number has been entered, the Trojan promises to remove
itself and restore access to the stolen files.
"This Trojan horse is designed to take your data hostage, and
tries to scare users into paying up quickly by threatening to wipe
files one-by-one. Our concern is that this may be the beginning of
a growing trend of malware designed to extort money from innocent
users," said Graham
Cluley, senior technology consultant for Sophos. "Ransomware
like this underlines the importance for every computer user to make
regular backups of their important data, and to defend their
computers with up-to-date security software."
Sophos experts note that the Trojan horse circumvents attempts
to remove it from infected computers once it has activated. If the
affected user presses Ctrl-Alt-Del in an attempt to stop the Trojan
horse running, another message is displayed:
Yeah, We don't die, We multiply!
Ctrl+Alt+Del isn't quite working today, is it? I'm not the sharpest
tool in the shed but Crtl+Alt+Del is everyone's S.O.S.
"Curiously, the malware author doesn't appear to have a lot of
confidence in his Trojan horse working properly as he suggests
victims contact him at a Yahoo email address if they have a problem
uninstalling the Trojan once they have paid up," continued
In March, Sophos reported on a
Trojan horse that encrypted victim's data, and demanded $300 for
the password to unlock the information. Sophos experts analysed the
malware and published the password, foiling the villain's
Companies are recommended to protect their email with a consolidated solution to thwart the virus, spyware
and spam threats and secure their desktops and servers with
automatically updated anti-virus protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.