
Cyber-kidnappers take files hostage for Internet ransom

In late May 2005 an extortionate trojan exploiting a well-known vulnerability of Microsoft Internet Explorer (MS04-023) was widely circulated. As usual, anti-virus vendors are using a variety of names for the malware:

The trojan downloads and executes malicious code, then encodes all files found on the storage media with these extensions: ASC, DB, DB1, DB2, DBF, DOC, HTM, HTML, JPG, PGP, RAR, RTF, TXT, XLS, ZIP. Then the trojan drops a text file named ATTENTION!!!.txt which says:

Some files are coded.
To buy decoder mail: n{removed}@yahoo.com    
with subject: PGPcoder 000000000032

The Trojan adds registry keys so that it will be run on startup.
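
The indicators described above (the note's file name, its subject-line format and the targeted extensions) are enough to triage a suspect volume. The following Python script is an added example, not part of the original advisory: it locates the ransom notes, extracts the ID from the subject line and lists targeted-extension files that no longer match a known-good backup. The `baseline` manifest (relative path to SHA-256) is an assumption.

```python
import hashlib
import os
import re

NOTE_NAME = "attention!!!.txt"  # note name from the advisory, lower-cased
TARGET_EXTS = {"asc", "db", "db1", "db2", "dbf", "doc", "htm", "html",
               "jpg", "pgp", "rar", "rtf", "txt", "xls", "zip"}
SUBJECT_RE = re.compile(r"subject:\s*PGPcoder\s+(\d+)", re.IGNORECASE)

def sha256_file(path):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root, baseline=None):
    """Return ransom notes under root and targeted-extension files that differ
    from `baseline` (hypothetical manifest: relative path -> SHA-256 from a
    known-good backup). Files missing from the baseline are listed too;
    with no baseline, every targeted-extension file is listed."""
    notes, needs_restore = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() == NOTE_NAME:
                # Read only the start of the note; it is a short text file.
                with open(path, "r", errors="replace") as fh:
                    m = SUBJECT_RE.search(fh.read(4096))
                notes.append((rel, m.group(1) if m else None))
                continue
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if ext not in TARGET_EXTS:
                continue
            if baseline is None or baseline.get(rel) != sha256_file(path):
                needs_restore.append(rel)
    return {"notes": sorted(notes), "needs_restore": sorted(needs_restore)}

if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a read-only mount or a forensic copy of the affected volume so the scan itself does not alter file metadata.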

The intention of the “cyber-kidnappers” is to demand a US$200 ransom from users to decode the hostage files. Some security experts refer to this kind of trojan as “ransom-ware”. No doubt, the relevant police forces are making efforts to trace the bank transactions, but intelligent criminals will have made efforts to obscure the trail. Even if the criminals are caught, victims may never recover their encrypted data.

The security patch of Microsoft Internet Explorer for that vulnerability was issued on 12th July 2004. Users are recommended to:

The encrypt-and-extort technique is not new; possibly the first use was in December 1989, when the “AIDS Diskette” was sent out by mail on 5.25-inch floppies.

