A New "Blackmailing" Variant Creeps Around…

Security experts have warned of a new variant of a virus that encrypts files and then blackmails the user, demanding money to decrypt them. According to a report, a new variant of a cyber-blackmail virus, classified as Win32.GpCode.ae, has been detected spreading across Russia via the internet. Experts are seeing growth in this GpCode variant of the cyber-blackmailer virus. The virus encrypts the user's files, rendering them unintelligible, and holds them hostage for ransom. The amount demanded varies considerably depending on the worth of the victim.

The virus encrypts files and then deletes all information related to itself from the victim's machine, which makes the path it took untraceable. Its modus operandi is as follows: once its encryption routine completes, it creates a file named TMP.BAT. This file contains executable code that deletes the source code of the malicious program from the victim's machine.

The latest version selectively targets Russian users. Interesting conclusions can be drawn from a close analysis of this ongoing phenomenon: it demonstrates the precision and acumen of cyber criminals. This virus is also more advanced than earlier variants, because it uses RSA 260-bit encryption rather than RSA 67-bit encryption, the former being a harder nut to crack.

Though there is no clarity about how and why the virus spreads, some experts believe it might be through a botnet. A botnet is a zombie army of co-opted internet-connected computers, their owners unaware, that have been set up to serve the wishes of the virus originator. These are usually machines whose owners have overlooked the importance of effective firewalls and other security safeguards. They are employed to keep forwarding transmissions. This army serves as a "time bomb": once the activation period has passed, it is ready to go off, spreading the virus with a single command via Internet Relay Chat (IRC).

The virus, Win32.GpCode.ae, is sent to users over the internet in the form of an email that reads like this: "Some files are coded by RSA method." On receiving the mail, unaware users contact the virus originator instead of turning to anti-virus software. It is through this deception that files get affected at an incredible rate.

Therefore, to protect a system, it must have the latest patches installed and up-to-date anti-virus programs. As a precaution, one must also keep a backup of important data. And if, in the worst case, there is a direct encounter, rely on effective anti-virus software to ensure that encrypted files are made virus-free.

SPAMfighter News - 14-06-2006














