Encryption Malware Increasingly Infecting PCs in Spain and France
Dr. Web, the Russian anti-virus firm, is reporting a massive malware campaign currently in circulation that distributes Trojan.ArchiveLock, a malicious encryption program known to infect computers outside Russia. The countries increasingly affected are Spain and France.
Trojan.ArchiveLock encrypts files using the WinRAR archiver. To distribute it, cyber-criminals mount a brute-force attack against target PCs over Remote Desktop Protocol. Immediately after establishing a connection to the affected computer, they install the malicious program, which copies its encryption code into a system folder on the compromised machine.
Trojan.ArchiveLock.20 then builds a list of files to encrypt, empties the Recycle Bin, and erases any backups that may be on the PC. Using the console version of WinRAR, the Trojan adds the files and folders on that list to password-protected, self-extracting archives, and uses an unusual tool to erase the original files so that they cannot be recovered.
Following this, Trojan.ArchiveLock.20 shows the victim a lengthy message explaining the situation and stating that a password (as long as 50 characters) that will unlock the archives can be obtained for $5,000. The message also suggests that the user ask for technical support. It further accuses the user of spamming illegitimate websites and claims that child pornography was spotted on the PC. Because this is a legal violation that endangers other computer users, the message adds, it was necessary to block the desktop.
Meanwhile, security specialists from Dr. Web state that over the past 48 hours the Trojan has compromised numerous computers in France and Spain. According to them, the firm has received a large number of requests from users complaining that Trojan.ArchiveLock.20 encrypted their files, and similar requests are still coming in. Help Net Security published this on March 14, 2013.
The specialists therefore advise end users to ignore the message, not pay the ransom, leave all files undeleted, and not reinstall the OS, but instead run an updated anti-virus solution and remove the malware.
» SPAMfighter News - 19-03-2013