Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Extortion virus code gets cracked

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Extortion virus code gets cracked
Date: Fri, 2 Jun 2006 00:17:21 -0500 (CDT) 
http://news.bbc.co.uk/1/hi/technology/5038330.stm

1 June 2006

Do not panic if your data is hidden by virus writers demanding a
ransom.

Poor programming has allowed anti-virus companies to discover the
password to retrieve the hijacked data inside a virus that has claimed
at least one UK victim.

The Archiveus virus caught out British nurse Helen Barrow and swapped
her data with a password-protected file.

The virus is the latest example of so-called "ransomware" that tries
to extort cash from victims.


Code breaker

Analysis of Archiveus has revealed that the password to unlock the
file containing all the hijacked files is contained within the code of
the virus itself.

This virus swaps files found in the "My Documents" folder on Windows
with a single file protected by a 30-digit password. Victims are only
told the password if they buy drugs from one of three online
pharmacies.

The 30-digit password locking the files is
"mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw". Using the password should
restore all the hijacked files.

"Now the password has been uncovered, there should be no reason for
anyone hit by this ransomware attack to have to make any payments to
the criminals behind it," said Graham Cluley, senior technology
consultant for security firm Sophos.

Archiveus was discovered on 6 May but it took the rest of the month
for the first victim, Rochdale nurse Helen Barrow, to emerge.

Ms Barrow is thought to have fallen victim when she responded to an
on-screen message warning her that her computer had contracted another
unnamed virus. The virus asks those it infects to buy drugs on one of
three websites to get their files back.

"When I realised what had happened, I just felt sick to the core,"  
said Ms Barrow about the incident.

The Archiveus virus is only the latest in a series of malicious
programs used by extortionists to extract cash from victims. Archiveus
seems to use some parts of another ransoming virus called Cryzip that
was circulating in March 2006.



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Extortion virus code gets cracked, InfoSec News <=
Previous by Date:  [ISN] Cern seeks to tighten security for data grid, InfoSec News
Next by Date:  [ISN] Miami U. reports 2nd security breach, InfoSec News
Previous by Thread:  [ISN] Cern seeks to tighten security for data grid, InfoSec News
Next by Thread:  [ISN] Miami U. reports 2nd security breach, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]