This is new...Ransom Trojans

Thread: This is new...Ransom Trojans

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Posts
    114

    This is new...Ransom Trojans

    One could think the usual trojan would always have the same purpose (z0mbies, credit & other data theft, D0s and so on...), but folks at Sophos have found a new sort of trojan:
    one that focuses its malicious actions on password-encrypting documents, spreadsheets and database files, only to later ask the victim for a $300 payment to an E-Gold account in order to receive the password that unlocks the documents.

    Source: ZDnet

    A Trojan that tries to hold users to ransom could be part of a growing trend

    Experts warned computer users on Wednesday of a Trojan that could steal their data and try to sell it back to them.

    Zippo-A (also known as CryZip) searches for word documents, database files and spreadsheets, and converts them to password encrypted zip files on the user's computer. A file is then created that instructs users to pay $300 (£170) to an e-Gold account to recover their data.
    "This is most interesting as an extension of a growing trend of Russian ransomware. This is the first time we've seen this in the UK," said Graham Cluley, senior technology consultant at Sophos.

    "Companies who have made regular backups may be able to recover easily, but less diligent businesses may be in a quandary about whether to cough up the cash," Cluley said.

    http://news.zdnet.co.uk/internet/sec...9257682,00.htm
    Although a *.zip password is easy cracking material, if this turns into a new "fashion trend" we can start seeing more of these, probably with harder encryption and bigger $$$ demands.


    edit> forgot to say, the pass is: C:\Program Files\Microsoft Visual Studio\VC98
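    What Zippo-A leaves behind is detectable from the defender's side: a ZIP archive that has been password-encrypted carries the encryption bit in its general-purpose flag field, and a burst of such archives appearing next to a text file demanding payment is a pattern a scanner can look for. The following is an added example (not code from this thread, from Sophos or from ZDNet), written in Python, that walks a directory tree, flags zip archives whose entries have the encryption bit set, and spots ransom-note-like text files. The sample directory, the note wording, the marker phrases and the thresholds are constructed assumptions for the demonstration; Python's own zipfile module cannot write encrypted archives, so the sample zips have the flag patched into their headers by hand.

```python
import io
import os
import struct
import tempfile
import zipfile

# ZIP record signatures and the offset of the general-purpose bit flag inside
# each record; bit 0 of that flag means "entry is encrypted".
LOCAL_SIG, LOCAL_FLAG_OFF = b"PK\x03\x04", 6
CENTRAL_SIG, CENTRAL_FLAG_OFF = b"PK\x01\x02", 8

# Phrases a ransom note tends to carry (assumed markers, not taken from a sample).
RANSOM_MARKERS = ("e-gold", "payment", "password", "$300")


def zip_encrypted_entries(path):
    """Names of entries whose encryption flag is set; [] if not a valid zip."""
    try:
        with zipfile.ZipFile(path) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []


def looks_like_ransom_note(path, max_bytes=4096):
    """Heuristic: at least two marker phrases in the first few KB of text."""
    with open(path, "rb") as f:
        text = f.read(max_bytes).decode("utf-8", errors="ignore").lower()
    return sum(m in text for m in RANSOM_MARKERS) >= 2


def scan_directory(root, min_archives=3):
    """Walk root; report encrypted archives, ransom notes and an overall verdict."""
    encrypted, notes = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(".zip") and zip_encrypted_entries(path):
                encrypted.append(path)
            elif lower.endswith(".txt") and looks_like_ransom_note(path):
                notes.append(path)
    return {
        "encrypted_archives": sorted(encrypted),
        "ransom_notes": sorted(notes),
        # Several encrypted archives plus a note: the pattern described in the post.
        "suspicious": len(encrypted) >= min_archives and bool(notes),
    }


def make_flagged_zip(path, entry_name, payload):
    """Constructed sample: a stored zip with the encryption flag bit set.

    zipfile cannot write encrypted archives, so the flag is patched into the
    local and central headers by hand; the entry data itself is left as-is.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(entry_name, payload)
    data = bytearray(buf.getvalue())
    for sig, off in ((LOCAL_SIG, LOCAL_FLAG_OFF), (CENTRAL_SIG, CENTRAL_FLAG_OFF)):
        pos = data.find(sig)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", data, pos + off)
            struct.pack_into("<H", data, pos + off, flags | 0x1)
            pos = data.find(sig, pos + len(sig))
    with open(path, "wb") as f:
        f.write(data)


def build_sample_tree():
    """Constructed victim directory: three flagged zips, a note, a normal file."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    for doc in ("budget.xls", "clients.mdb", "report.doc"):
        make_flagged_zip(os.path.join(root, doc + ".zip"), doc, b"sample content")
    # The note file name and wording are constructed for this example.
    with open(os.path.join(root, "HOW_TO_RECOVER.txt"), "w") as f:
        f.write("Your files are now in password protected zip archives. Send a "
                "$300 payment to an e-gold account to receive the password.\n")
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("Ordinary text file, nothing to see here.\n")
    return root


if __name__ == "__main__":
    result = scan_directory(build_sample_tree())
    for key, value in result.items():
        print(f"{key}: {value}")
```

    The flag check reads only the central directory, so it costs nothing per file and does not need the password; in a real deployment the same check would run on file-creation events rather than a one-off walk, and the archive threshold would be tuned per host so a user legitimately zipping a few files with a password does not trip it.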

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Let me guess, this only affects Windows computers...
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    These first started to show up at the beginning of last year. They didn't seem to catch on, probably because it is difficult to actually collect the money without getting caught?

    If you think about it, there is no big deal. If you got a virus that wiped out your data you would be in the same position.

    The answer is to have backups.

    No, brokencrow, there were a couple of cross-platform ones as I recall. That actually makes sense as businesses do use *nix servers reasonably commonly.

    This activity is not aimed at private individuals.


  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    There are two posts in circulation right now. This one, which as Nihil points out, is not new. The other references a keylogger for online banking. Again, old news.

    This information is roughly 2 years old.

    That said, truly new attack vectors focus on primitive tools. Why use a keylogger when the person throws the data needed into the garbage w/o shredding it? Same for companies.

    I'd concentrate on low tech vectors such as dumpster diving. These classic attack vectors are beginning to see increases in use. Same for war dialing.

    When we shift focus as a security community, the bad guys always look for the path of least resistance.

    On the tech side of things, leveraging services such as DNS to sneak data in and out of environments is on the rise. Encrypted throttled sessions are another fabulous vector. Hiding in the white noise of network traffic is next to impossible to detect.

    Anyway. Another 2 cents.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
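    The DNS channel TH13 mentions does leave traces a defender can look for: a host that issues many distinct, long, high-entropy subdomain queries under a single domain stands out from ordinary lookups. The following is an added example (not code from this thread or from any product), written in Python, that runs three such heuristics over constructed resolver log lines. The log layout (timestamp followed by key=value fields), the client addresses, the domain names and the thresholds are all assumptions made for the demonstration; the "registered domain" split is a naive last-two-labels rule and would need a public-suffix list in practice.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (assumed "timestamp key=value ..." layout, not from
# the thread): one host issuing many long random-looking names under one
# domain, mixed with ordinary lookups from other hosts.
SAMPLE_LOG = """\
2006-03-15T10:01:02 client=10.0.0.7 qname=www.example.com qtype=A
2006-03-15T10:01:03 client=10.0.0.7 qname=mail.example.com qtype=MX
2006-03-15T10:01:04 client=10.0.0.5 qname=0f3a9c7e1b5d2a4f8e6c0b9d7a3f1e5c2b8d4a6f0e9c7b3d.t.example.net qtype=TXT
2006-03-15T10:01:05 client=10.0.0.5 qname=1a4b8c2d1b5d2a4f8e6c0b9d7a3f1e5c2b8d4a6f0e9c7b3d.t.example.net qtype=TXT
2006-03-15T10:01:06 client=10.0.0.5 qname=2e5f9a3b1b5d2a4f8e6c0b9d7a3f1e5c2b8d4a6f0e9c7b3d.t.example.net qtype=TXT
2006-03-15T10:01:07 client=10.0.0.5 qname=3c6d0b4e1b5d2a4f8e6c0b9d7a3f1e5c2b8d4a6f0e9c7b3d.t.example.net qtype=TXT
2006-03-15T10:01:08 client=10.0.0.5 qname=4d7e1c5f1b5d2a4f8e6c0b9d7a3f1e5c2b8d4a6f0e9c7b3d.t.example.net qtype=TXT
2006-03-15T10:01:09 client=10.0.0.5 qname=5e8f2d6a1b5d2a4f8e6c0b9d7a3f1e5c2b8d4a6f0e9c7b3d.t.example.net qtype=TXT
2006-03-15T10:01:10 client=10.0.0.5 qname=6f9a3e7b1b5d2a4f8e6c0b9d7a3f1e5c2b8d4a6f0e9c7b3d.t.example.net qtype=TXT
2006-03-15T10:01:11 client=10.0.0.5 qname=7a0b4f8c1b5d2a4f8e6c0b9d7a3f1e5c2b8d4a6f0e9c7b3d.t.example.net qtype=TXT
2006-03-15T10:01:12 client=10.0.0.9 qname=cdn.example.org qtype=A
2006-03-15T10:01:13 client=10.0.0.9 qname=www.example.org qtype=A
"""


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_line(line):
    """Parse 'timestamp key=value ...' into a dict; the timestamp goes under 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = ts
    return rec


def split_qname(qname):
    """Naive split into (subdomain labels, registered domain = last two labels)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def find_tunnel_candidates(log_text, min_unique=8, max_label=40, min_entropy=3.5):
    """Flag (client, domain) pairs with many unique subdomains that are also
    unusually long or random-looking. Thresholds are assumed starting points."""
    stats = defaultdict(lambda: {"unique": set(), "max_len": 0, "max_ent": 0.0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        sub, base = split_qname(rec["qname"])
        s = stats[(rec["client"], base)]
        s["unique"].add(".".join(sub))
        for label in sub:
            s["max_len"] = max(s["max_len"], len(label))
            s["max_ent"] = max(s["max_ent"], shannon_entropy(label))
    flagged = []
    for (client, domain), s in sorted(stats.items()):
        odd_labels = s["max_len"] > max_label or s["max_ent"] > min_entropy
        if len(s["unique"]) >= min_unique and odd_labels:
            flagged.append({
                "client": client,
                "domain": domain,
                "unique_subdomains": len(s["unique"]),
                "max_label_len": s["max_len"],
                "max_label_entropy": round(s["max_ent"], 2),
            })
    return flagged


if __name__ == "__main__":
    for hit in find_tunnel_candidates(SAMPLE_LOG):
        print(hit)
```

    The unique-subdomain count is the heuristic that survives an attacker shortening the labels, since a covert channel has to encode new data in each query to move anything; the length and entropy checks mainly keep content-delivery hostnames from being reported on count alone, and a real deployment would add a per-window rate and an allow-list of known chatty domains.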

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    As always, TH13 brings up a great point.


    That said, truly new attack vectors focus on primitive tools. Why use a keylogger when the person throws the data needed into the garbage w/o shredding it? Same for companies.
    "There are no technical solutions for administrative problems"

    My .02 cdn

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    There are no technical solutions for administrative problems
    Hey... That's my line...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Hey... That's my line...
    That's because GREAT minds....think alike


    Think what TH13 is trying to say ....all information is at risk...just not the stuff stored on your computer.

    When we shift focus as a security community, the bad guys always look for the path of least resistance.
    What's the point of encrypting all your data...when the hard copies are improperly handled....

    anyway....I find this interesting and downright scary

    On the tech side of things, leveraging services such as DNS to sneak data in and out of environments is on the rise. Encrypted throttled sessions is another fabulous vector. Hiding in the white noise of network traffic is next to impossible to detect.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    What's the point of encrypting all your data...when the hard copies are improperly handled....
    Oh, come now Mistress LeFay.... Think!!!! Print the hard copies in encrypted form... Hmmm... I think I'm onto something...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Print the hard copies in encrypted form...
    geez Tiger....I never thought of that

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I swear... from a security standpoint it's _gold_....

    I'm gonna be rich...

    Take that you dirty dumpster divers... hah...

    Seriously though, as usual, TH13 is right.... when you attack anything you look for the "easy" route... It may not _seem_ to be the easiest but if the intent is to avoid detection and reach a target then avoidance of your enemy is the easiest way... I've crawled 200 yards up a stream in winter, (which isn't "easy", trust me it's cold), to pass through a perimeter. Why? Because no-one thought anyone would do it so it wasn't properly watched... So it was the "easy" route.

    Let's be honest... SE will always be pretty easy... So it's always a big threat....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
