Members
  • Total Members: 12818
  • Latest: martin
Stats
  • Total Posts: 28534
  • Total Topics: 8240
  • Online Today: 1027
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: BitDefender warns: New ransom Trojan - "Trojan.Crypt.VB.U"  (Read 1985 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
BitDefender warns: New ransom Trojan - "Trojan.Crypt.VB.U"
« on: 18. December 2011., 06:35:30 »


Researchers at security company BitDefender have discovered a new ransom Trojan that scrambles its victims' data before cheekily offering them a 'trial' version of the software to prove its ability to successfully unlock files: http://www.malwarecity.com/blog/malware-creators-fine-tune-marketing-tactics-before-holiday-season-offer-free-trial-version-1236.html

For the most part, Trojan.Crypt.VB.U and its variants behave much like any other ransom scam. Once loaded on a Windows system it scrambles any data files it finds before offering to unlock them for a fee, this time by sending them to a web page demanding a rather steep $69 (£44).

The malware's real innovation is its attempt to overcome reluctant victims' willingness to pay the fee by offering to decrypt three files in advance of them buying a full license.

BitDefender reports that the type of encryption used turns out to be a simple type of XOR algorithm, which means that decryption would not require huge brute force to break in this instance.

Ransom Trojans

Ransom Trojans have been around for years, ranging from those using watertight encryption such as Gpcode to others manipulating social engineering to make victims believe their files are unrecoverable when they are actually being hidden in trivial ways.

Other examples have been tied into premium rate SMS scams, while one discovered in Japan in 2010 attempted to extort money from victims after copying their porn browsing history on to a public web server: http://news.techworld.com/security/3256562/porn-worm-extorts-money-from-2500-victims/

In September this year, another version of the same attack tried to persuade users it was acting on behalf of Microsoft and users were required to pay money as punishment for running an unlicensed copy of Windows.

Aware that users have over time become less susceptible to simple ransom demands, the impersonation theme has continued to grow, even to the extent of a recent Trojan that claimed to have detected porn on the user's PC and demanded that a fine be paid to the UK's Metropolitan Police: http://news.techworld.com/security/3302864/criminals-impersonate-uk-police-to-spread-ransom-trojan/

For the criminal, the most important issue is always to convince the victim that they have little alternative but to pay the fee.

(PCW)

Samker's Computer Forum - SCforum.info

BitDefender warns: New ransom Trojan - "Trojan.Crypt.VB.U"
« on: 18. December 2011., 06:35:30 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising