New kidnapper malware asks for $300 ransom


Released on: 16 August 2007, Author: MicroWorld Technologies Inc., Audience: Internet related



The malware comes into computers through Internet downloads and as a part of dubious programs and utilities. Named 'GPcode.ai', the malware raises the current user's rights to a higher level in order to modify files and to make changes in the Windows registry. GPcode.ai also injects itself into a legitimate Windows process to remain in memory and avoid detection.

The ransomware then searches for more than 200 file types and encrypts them all! It also tries to send the stolen data to the remote attacker. What the victim of the attack is left with is hordes of garbage files, and a text file that reads as follows:

Hello, your files are encrypted with RSA-4096 algorithm (http://en.wikipedia.org/wiki/RSA).

You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300. To buy our software please contact us at ------------- and provide us your personal code ----------- . After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.

"The claim about RSA-4096 is a bogus one as the encryption is done with a much simpler technology," points out Vikas Vishwasrao, Assistant Manager - R&D, MicroWorld Technologies. "But the false claim and the link to the RSA page on Wikipedia is clever Social Engineering, to make you part with your money at the earliest. Like most malware gangs today, the one behind this too is looking for some quick dollars".

Though a few cases of ransomware infections were reported last year, this is the first such significant incident in 2007. MayArchive.a was one such malware which directed users to buy pharmaceuticals worth $75 from a Russian website at virtual gunpoint. Another one named GpCode.af used an actual RSA algorithm for encrypting files.

Security experts are keeping a close watch on this tribe of malware. CEO of MicroWorld, Govind Rammurthy, says: "While one branch of malware programs is moving towards stealthier varieties and camouflaged techniques, this offshoot is a rather brazen variety which shows that cyber criminals can go to any levels in stealing your money. Surely, it also points to the need of backing up your data regularly and protecting your computer with a proactive, real-time Antivirus solution".

MicroWorld

MicroWorld Technologies is the developer of the world's most advanced AntiVirus, Content Security and Firewall software eScan, MailScan, and eConceal. MicroWorld Winsock Layer (MWL) is the revolutionary technology that powers most of MicroWorld products enabling them to achieve several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready and Novell Ready.

To learn more, kindly visit http://www.mwti.net.

From MicroWorld


Source: Express-Press-Release.com