Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Extortion virus makes rounds in Russia

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Extortion virus makes rounds in Russia
Date: Wed, 26 Oct 2005 01:24:06 -0500 (CDT) 
http://www.computerworld.com/securitytopics/security/story/0,10801,105706,00.html

By Jeremy Kirk
OCTOBER 25, 2005
IDG NEWS SERVICE

Two new versions of a virus first reported in May are staging renewed
attacks against computers in Russia, encrypting files and then
extorting money from victims to decode the files.

After an infection, the Russian-language instructions let victims know
how many of their files have been encrypted. Translated, the warning
says, "If you want to get these damn files in the decrypted format"  
then write to the e-mail address given. The message goes on to say,
"P.S. And be thankful that they were not completely erased!"

The viruses, called JuNy.A and JuNy.B, search for more than 100 file
types by extension, according to a warning issued by Websense Inc. The
renewed attack was first reported on a weblog published by Kaspersky
Lab Ltd.

So far, the viruses appear to be limited to Russia, and it's not known
how many computers have been affected. The viruses are similar to one
that struck in May called "gpcode," said David Emm, senior technology
consultant for Kaspersky in the U.K. The gpcode included an e-mail
address where presumably a fee for the decoder would be negotiated, he
said.

"As I understand, this thing was progressive, and it would gradually
encrypt more and more stuff," Emm said.

Left alone, the virus would encrypt everything but a text file, Emm
said. It's suspected that the virus enters a computer after a user
visits a certain Web site and then exploits a vulnerability, Emm said.  
Another theory is the virus is activated after a user runs some type
of executable code containing the virus, Emm said.

But it isn't easy tracing the origins of the viruses because "by the
time you get to hear of these things it's kind of erasing information
on the host machine," Emm said.

Virus writers who seek to extort money from victims are nothing new
and have been around since at least 1989, Emm said. In the last couple
of years, however, virus writers have moved away from writing
malicious code simply to display their skills and are increasingly
trying to make money, he said.




_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Extortion virus makes rounds in Russia, InfoSec News <=
Previous by Date:  [ISN] Homeland Security IG raps Secret Service's network security, InfoSec News
Next by Date:  [ISN] From Hacker to Protector, InfoSec News
Previous by Thread:  [ISN] Homeland Security IG raps Secret Service's network security, InfoSec News
Next by Thread:  [ISN] From Hacker to Protector, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]