If you’re
the unlucky victim of a new Trojan making the rounds, it’ll cost
you $300 to get your data back from the Trojan’s author.
As of press time the Trojan did not yet have a common CME identifier.
It is currently known as cryzip by LURHQ, Symantec, McAfee and Trend
Micro. Kaspersky calls it Zippo and Panda Labs calls it ZippoCryptor.
Once infected, the Trojan encrypts a user’s data in a
password-protected zip file. In addition to the inaccessible files,
the victim is left with a ransom note in a file titled “AUTO_ZIP_REPORT.txt.”
The file starts with the words, “INSTRUCTIONS
HOW TO GET YUOR FILES BACK READ CAREFULLY.” According to LURHQ, the typo-rife ransom note continues: “Your computer catched our software while browsing illigal porn
pages, all your documents, text files, databases was archived
with long enought password.”
The note warns users not to attempt to crack the password on the
compressed zip files. The only way to get the data back, it says, is by sending
the “ransom” to an E-Gold account, apparently operated by the Trojan’s
author.
According to security firm LURHQ, a random E-Gold account number is
automatically inserted at the top of the ransom note from an embedded
list.
“By operating many accounts simultaneously, the Trojan author is
betting that even if E-Gold shuts down some of the accounts, he/she
will still receive payment on some of the others,” LURHQ’s advisory
states.
So far, the Trojan does not appear to be widespread. McAfee, Panda
Labs and Symantec have given it a low-risk assessment and all have
issued updates to its malware definition files to identify the Trojan.
It could always be worse.
Though the cryzip Trojan may make a victim cry, at least it doesn’t berate victims like last year’s Cisum.A virus did.