E-thieves gettting crafty

[NATE]

TweetTrojans used for online extortion
Joris Evers
CNET News.com
May 25, 2005, 10:35 BST
Link
A new Trojan has been discovered that encrypts victims' files and then deposits a ransom note that demands over £100 in exchange for the decryption key
In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information.
In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim's PC and mapped network drives, according to Websense. The program then drops a ransom note.
Even though this type of attack is not widespread at this point, Internet users should be aware of the threat, said Oliver Friedrichs, a senior manager at Symantec Security Response. "It is certainly concerning. This is the first time that we have seen cryptography used in this type of attack to hold your information hostage," he said.
"I would see this as the equivalent of somebody coming into your house, putting your valuables in a safe and not telling you the combination," Friedrichs said.
Researchers at Symantec have seen the malicious program used in the ransom attack. The "Trojan.Pgpcoder" searches a victim's hard disk drive for 15 common file types, including images and Microsoft Office files. It then encrypts the files, removes the originals and drops a note asking $200 (£109) for the encryption key, Friedrichs said.
A Websense customer fell victim to the attack. Luckily, in this case the encryption wasn't very sophisticated and Websense was able to decode the customer's files, said Dan Hubbard, senior director of security and research at Websense. "In this case we could help, but every variant can be different," he said.
Attackers could use email, a Web site, or other means to distribute the Trojan.Pgpcoder and launch a widespread extortion campaign, Symantec's Friedrichs said.
Websense, however, doesn't see a trend yet. Attackers leave a trail if they ask for money, Hubbard said: "This type of attack is not that difficult to perform. However, in order to collect money the attackers are leaving themselves open to investigation and tracing."
For protection, users should run security software and make sure that their software is patched, Websense and Symantec said. The Internet Explorer flaw exploited to attack the user in the Websense case was patched in July last year.
The Websense customer was victimised two weeks ago. The Web sites involved in the attack have since been taken down.

[O2BESOHUGE]

TweetBASTAGES....WHAT HAPPENED TO THE GOOD OL BLACK SCARF AND PISTOL??

O2

[NATE]

Tweetthose days are gone my friend, people just bust your door down and take the family hostage nowadays...

[mick-G]

TweetDid anyone ever get the one that comes up on your desk top and it is Arabic writing with Samuri swords all over and you can't get it off no matter what you do? I had to system restore and it completly wiped out my files.

[Equalizer]

Tweetthere are alot of scammer bastards on ebay trying to buy and sell.

[president_fad]

Tweetmozilla motherfuckers!

[Equalizer]

Tweeti sell high dollar sony vaio laptops on there weekly and they are always trying to fraud me....bidding on auctions and sending fake paypal info, bidpay etc then get this go and create an email address similiar to my username and email the 2nd highest bidder and while posing as me send them emails saying the high bidder didnt pay and try to get them to send money...fucking losers......i swear to god if i ever get ahold of them I will tie him/her up and absolutley beat the living shit out of him/her. It just messes people up that our trying to do legit business, you have to put all kinds of bidding restrictions on your auctions and lose customer base....and not to mention the type of listings I do are 35 dollars a pop then another 50-75 when it sales but even with all the shit ive had to put up with i still have 100 percent feedback if any of you meatheads need a bad ass new laptop (2ghz Pentium Centrino M, 100gb HD, 1gb Ram, 17in LCD widescreen) I sell all A series Sony Vaio Notebooks.

Sorry started out as being raged about scammer fuckers than turned into a sales pitch.....