A new ransomware is spreading on the Internet. It
encrypts a large number of files on your computer and
demands $300 for the decryption code needed to
recover the data, say security experts at
MicroWorld Technologies.
The malware comes into computers through Internet
downloads and as a part of dubious programs and utilities.
Named 'GPcode.ai', the malware raises the current
user's rights to a higher level in order to modify files
and make changes in the Windows registry. GPcode.ai
also injects itself into a legitimate Windows process
to remain in memory and avoid detection.
The ransomware then searches for more than 200 file
types and encrypts them all! It also tries to send
the stolen data to the remote attacker. What the victim
of the attack is left with is hordes of garbage files,
and a text file that reads as follows:
Hello, your files are encrypted with RSA-4096 algorithm
(http://en.wikipedia.org/wiki/RSA).
You will need at least few years to decrypt these
files without our software.
All your private information for last 3 months were
collected and sent to us.
To decrypt your files you need to buy our software.
The price is $300.
To buy our software please contact us at -------------
and provide us your personal code ----------- .
After successful purchase we will send your decrypting
tool, and your private information will be deleted
from our system.
"The claim about RSA-4096 is a bogus one as
the encryption is done with a much simpler technology,"
points out Vikas Vishwasrao, Assistant Manager - R&D,
MicroWorld Technologies. "But the false claim
and the link to the RSA page on Wikipedia is clever
Social Engineering, to make you part with your money
at the earliest. Like most malware gangs today, the
one behind this too is looking for some quick dollars".
Though a few cases of ransomware infections were
reported last year, this is the first such significant
incident in 2007. MayArchive.a was one such malware
which directed users to buy pharmaceuticals worth
$75 from a Russian website at virtual gunpoint. Another
one named GpCode.af used an actual RSA algorithm for
encrypting files.
Security experts are keeping a close watch on this
tribe of malware. CEO of MicroWorld, Govind Rammurthy,
says: "While one branch of malware programs is
moving towards stealthier varieties and camouflaged
techniques, this offshoot is a rather brazen variety
which shows that cyber criminals can go to any levels
in stealing your money. Surely, it also points to
the need of backing up your data regularly and protecting
your computer with a proactive, real-time Antivirus
solution".
MicroWorld
MicroWorld (www.mwti.net) are the developers of the
world's first Real-Time AntiVirus and Content Security
software eScan for desktops and servers. Its
communication security software, MailScan, is the
first comprehensive e-mail scanner for your
SMTP/POP3 Mail Server.
MicroWorld Winsock Layer (MWL) is
the revolutionary technology underlying these products,
powering them to several certifications and awards
by some of the most prestigious testing bodies, notable
among them being Virus Bulletin, Checkmark, TUCOWS,
Red Hat Ready, and Novell Ready. Combining their powerful
scanner with MWL technology, MicroWorld solutions
provide Real-Time Proactive security for your systems.
For network security of enterprises, eConceal Firewall
is the latest powerful offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.