New trojan threat: extortion
p2pnet.net News:- A new trojan-based attack that encodes files on infected machines and then drops a ransom note has been identified.
Websense Security Labs says when someone visits a malicious website that exploits a “previous vulnerability in Microsoft Internet Explorer,” they pick up the initial infection which allows applications to be run remotely.
“The malicious website uses the Windows help subsystem and a CHM file to download and run a Trojan Horse (download-aag),” says the post.
“The downloader then connects, via HTTP, to another malicious website. This website hosts the application that encodes files on the user’s local hard disk and on any mapped drives on the machine. The malicious code also drops a message onto the system with instructions on how to buy the tool needed to decode the files.
“This message includes the email address of a third party to contact for instructions, and the user is directed to deposit money into an online E-Gold account.”
Even though this type of attack “is not widespread at this point, Internet users should be aware of the threat,” ZDNet UK quotes Symantec spokesman Oliver Friedrichs as saying. “It is certainly concerning. This is the first time that we have seen cryptography used in this type of attack to hold your information hostage.”
“Attackers could use email, a Web site or other means to distribute the Trojan.Pgpcoder and launch a widespread extortion campaign, Symantec’s Friedrichs said,” adds the story.
See:-
Websense Security Labs - Malicious Website / Malicious Code, May 23, 2005
ZDNet UK - Trojans used for online extortion, May 25, 2005
May 25th, 2005 at 4:05 pm
This tactic has been used in the past. Only now, it is in the form of an automatically executing exploit. This is yet another reason not to use crap produced by Micro$oft.
May 25th, 2005 at 4:29 pm
“previous vulnerability in Microsoft Internet Explorer,”
Doesn’t this mean that if you have applied the updates you have nothing to worry about?
May 26th, 2005 at 1:03 pm
It means: GET FIREFOX