15 March 2006

Zippo Trojan horse demands $300 ransom for victims' encrypted data

Sophos experts reveal password used in criminal attack is disguised as a directory path

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users about a Trojan horse that encrypts victims' computer data, and then attempts to extort a $300 ransom.

The Troj/Zippo-A Trojan horse (also known as CryZip) searches for files on innocent users' computers, such as Word documents, databases and spreadsheets, and moves them into password-encrypted ZIP files. It then creates another file telling the affected user how to pay $300 to an E-Gold account to recover their data.

Part of the ransom demand left by the Zippo Trojan horse.

"The Zippo Trojan horse is bold as brass, scooping up your valuable data and locking it away until you agree to pay the ransom to the criminals who have 'kidnapped' your files. Companies that have made regular backups may be able to recover easily, but less diligent businesses may be in a quandary about whether to cough up the cash," said Graham Cluley, senior technology consultant for Sophos. "In the old days malware was typically written by teenagers who wanted to show off to their mates. Now most of the viruses and Trojan horses we see are being written with the intention of making money from innocent internet users. The attacks are becoming more organized and more malicious, and every computer needs to be properly defended."

Sophos experts who have analysed the Trojan horse have determined the password used to encrypt users' data.

"Experts at Sophos have disassembled the Zippo Trojan and determined that the password it uses to encrypt data is C:\Program Files\Microsoft Visual Studio\VC98," continued Cluley. "So there should be no need for anyone unfortunate enough to have suffered from this ransomware attack to have to pay the reward to the criminals behind it. It looks like this password was deliberately chosen by the Trojan's author in an attempt to fool analysts into thinking it was a directory path instead."
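As an added illustration (not Sophos's code and not the Trojan's), the Python below shows how an archive protected with the traditional ZIP cipher (ZipCrypto, the only encryption that password-protected ZIPs of that era used) can be checked against the published password during recovery. Because the standard library can only read such archives, the example also constructs a sample locked archive in the same format; the file name, contents and the assumption that the Trojan used ZipCrypto with stored entries are constructed for the demonstration.

```python
import io, os, struct, zipfile, zlib

# Password reported on this page for Troj/Zippo-A; used here only as a recovery candidate.
ZIPPO_PASSWORD = rb"C:\Program Files\Microsoft Visual Studio\VC98"

def _crc_step(key, b):
    """One CRC-32 table step, as the ZipCrypto key schedule uses it."""
    return zlib.crc32(bytes([b]), key ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def zipcrypto(password, data, decrypting):
    """Traditional PKWARE (ZipCrypto) stream cipher; the keys are always fed the plaintext byte."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def update(b):
        k[0] = _crc_step(k[0], b)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc_step(k[2], k[1] >> 24)
    for b in password:
        update(b)
    out = bytearray()
    for b in data:
        t = (k[2] | 2) & 0xFFFF
        x = b ^ (((t * (t ^ 1)) >> 8) & 0xFF)
        update(x if decrypting else b)
        out.append(x)
    return bytes(out)

def build_locked_zip(name, plaintext, password):
    """Constructed sample: one stored (uncompressed) entry, ZipCrypto-protected, flag bit 0 set."""
    crc = zlib.crc32(plaintext)
    # 12-byte encryption header: 11 random bytes plus the high CRC byte used as a password check.
    body = zipcrypto(password, os.urandom(11) + bytes([crc >> 24]) + plaintext, False)
    n = name.encode()
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 1, 0, 0, 0x21,
                        crc, len(body), len(plaintext), len(n), 0) + n
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 1, 0, 0, 0x21,
                          crc, len(body), len(plaintext), len(n), 0, 0, 0, 0, 0, 0) + n
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local) + len(body), 0)
    return local + body + central + eocd

def recover(zip_bytes, password=ZIPPO_PASSWORD):
    """Read every entry with the candidate password; None if it is rejected or the data is corrupt."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                out[info.filename] = zf.read(info, pwd=password)
            except (RuntimeError, zipfile.BadZipFile):  # bad password, or CRC mismatch afterwards
                return None
    return out
```

A wrong candidate is rejected either at the 12-byte header check or, about one time in 256, only at the CRC check after extraction, which is why both exceptions are handled.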

Companies are advised to protect their email with a consolidated solution that thwarts virus, spyware and spam threats, and to secure their desktops and servers with automatically updated anti-virus protection.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
