October 25th, 2005, 09:31 PM
Extortion virus makes rounds in Russia
Two new versions of a virus first reported in May are staging renewed attacks against computers in Russia, encrypting files and then extorting money from victims to decode the files.
After an infection, the Russian-language instructions let victims know how many of their files have been encrypted. Translated, the warning says, "If you want to get these damn files in the decrypted format" then write to the e-mail address given. The message goes on to say, "P.S. And be thankful that they were not completely erased!"
The viruses, called JuNy.A and JuNy.B, search for more than 100 file types by extension, according to a warning issued by Websense Inc. The renewed attack was first reported on a Web log published by Kaspersky Lab Ltd.
So far, the viruses appear to be limited to Russia, and it's not known how many computers have been affected. The viruses are similar to one that struck in May called "gpcode," said David Emm, senior technology consultant for Kaspersky in the U.K. The gpcode included an e-mail address where presumably a fee for the decoder would be negotiated, he said.
"As I understand, this thing was progressive, and it would gradually encrypt more and more stuff," Emm said.
Left alone, the virus would encrypt everything but a text file, Emm said. It's suspected the virus enters a computer after a user visits a certain Web site, and it exploits a vulnerability, Emm said. Another theory is the virus is activated after a user runs some type of executable code containing the virus, Emm said.
But it isn't easy tracing the origins of the viruses because "by the time you get to hear of these things it's kind of erasing information on the host machine," Emm said.
Virus writers who seek to extort money from victims are nothing new and have been around since at least 1989, Emm said. In the last couple of years, however, virus writers have moved away from writing malicious code simply to display their skills and are increasingly trying to make money, he said.
\"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster
October 26th, 2005, 12:34 AM
Wow, way to bully around the world. Thats a funny concept, but I would think that the email address would be able to track them down? maybe not.
October 26th, 2005, 01:28 AM
It is easy to create and redirect mail from box to box and send it around.
Poor but damn.
// too far away outside of limit