Trend Micro Discovers New Ransomware ‘WORM_RANSOM.FD’

Trend Micro security researchers have detected a new ransomware that spreads via e-mail over the internet, as reported by blog.trendmicro on June 28, 2009.

Trend Micro has named the malware WORM_RANSOM.FD. It appears to be a mass-mailing computer worm, but detailed analysis has revealed that it carries a deadly payload.

WORM_RANSOM.FD is downloaded from remote websites when visitors access those sites, or it may be downloaded secretly by other malware already on the targeted system.

The payload does not affect files with certain extensions, such as .dry, .rwg, .vxd, .dll, .inl and .exe, but the malware is capable of encrypting all other files stored on the targeted computer using the Blowfish algorithm, which makes the files useless. The worm also creates one or more registry entries that allow it to execute automatically whenever the system starts up.

Interestingly, WORM_RANSOM.FD does not behave like typical ransomware, which demands money for restoring encrypted files. Instead, it gives the user three options for restoring the affected files.

The first option tells the affected user to consult a reputed antivirus company that may help decrypt the files. The second says the user can send an e-mail to back9001@yahoo.com for a decryptor application to restore the affected files. The third recommends migrating from the Windows operating system (OS) to Linux to overcome the attack.

The ransomware also alters filenames after encryption by appending the .RWG extension. For example, if the original file is named DOCUMENT.TXT, its name after encryption becomes DOCUMENT.TXT.RWG.
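For responders sizing up an affected machine, the following added example (not from Trend Micro or the original article) applies the appended-.RWG renaming and the skipped-extension list described above to a file listing. The function names and sample paths are constructed for illustration, and case-insensitive extension matching is an assumption.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Values taken from the article; case-insensitive matching is an assumption.
MARKER_EXT = ".rwg"
SKIPPED_EXTS = {".dry", ".rwg", ".vxd", ".dll", ".inl", ".exe"}

def classify(path):
    """Return (status, original_path) for one Windows file path."""
    p = PureWindowsPath(path)
    ext = p.suffix.lower()
    if ext == MARKER_EXT:
        # DOCUMENT.TXT.RWG -> DOCUMENT.TXT (only the last suffix is stripped)
        return "renamed", str(p.with_suffix(""))
    if ext in SKIPPED_EXTS:
        return "excluded_type", None   # file type the payload leaves alone
    return "not_renamed", None         # no marker: not (yet) touched

def inventory(paths):
    """Summarise a listing: counts per status, a renamed -> original map,
    and originals that already exist (a later rename-back would collide)."""
    paths = list(paths)
    present = {p.lower() for p in paths}
    counts, restore_map, collisions = Counter(), {}, []
    for p in paths:
        status, original = classify(p)
        counts[status] += 1
        if original is not None:
            restore_map[p] = original
            if original.lower() in present:
                collisions.append(original)
    return counts, restore_map, collisions

# Constructed sample listing, e.g. collected from a forensic image.
SAMPLE = [
    r"C:\Users\alice\Documents\DOCUMENT.TXT.RWG",
    r"C:\Users\alice\Documents\budget.xls.rwg",
    r"C:\Users\alice\Documents\budget.xls",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Users\alice\Desktop\setup.exe",
    r"C:\Users\alice\Desktop\notes.doc",
]

if __name__ == "__main__":
    counts, restore_map, collisions = inventory(SAMPLE)
    print(dict(counts))
    for renamed, original in restore_map.items():
        print(f"{renamed} -> {original}")
    print("already present:", collisions)
```

The renamed-to-original map is what gets matched against backups; a file that ends in .RWG is only a candidate until its content is checked.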

Security experts at Trend Micro have rated the ransomware as a high-risk/moderate-reward business model. This is primarily because it violates one of the main features many cyber criminals use when developing malware. In addition, the payload is easily seen and users are told that their files are being held hostage.

With the cyber criminals giving out their contact details, it is quite easy for authorities to nab the attackers.


» SPAMfighter News - 7/8/2009
