WASHINGTON - The latest threat to computer users doesn't destroy data
or steal passwords - it locks up a person's electronic documents,
effectively holding them hostage, and demands $200 over the Internet
to get them back.

Security researchers at San Diego-based Websense Inc. uncovered the
unusual extortion plot when a corporate customer they would not
identify fell victim to the infection, which encrypted files that
included documents, photographs and spreadsheets.

A ransom note left behind included an e-mail address, and the
attacker using the address later demanded $200 for the digital keys
to unlock the files.

"This is equivalent to someone coming into your home, putting your
valuables in a safe and not telling you the combination," said Oliver
Friedrichs, a security manager for Symantec Corp. The company said
Tuesday the problem was serious but not deemed a high-level threat
because there were no indications it was widespread.

The FBI said the scheme was unlike other Internet extortion crimes.

Leading security and antivirus firms this week were updating
protective software for companies and consumers to guard against this
type of attack, which experts dubbed "ransom-ware."

"This seems fully malicious," said Joe Stewart, a researcher at
Chicago-based Lurhq Corp. who studied the attack software. Stewart
managed to unlock the infected computer files without paying the
extortion, but he worries that improved versions might be more
difficult to overcome. Internet attacks commonly become more
effective as they evolve over time and hackers learn to avoid the
mistakes of earlier infections.

"You would have to pay the guy, or law enforcement would have to get
his key to unencrypt the files," Stewart said.

The latest danger adds to the risks facing beleaguered Internet
users, who must increasingly deal with categories of threats that
include spyware, viruses, worms, phishing e-mail fraud and denial of
service attacks.

In the recent case, computer users could be infected by viewing a
vandalized Web site with vulnerable Internet browser software. The
infection locked up at least 15 types of data files and left behind a
note with instructions to send e-mail to a particular address to
purchase unlocking keys. In an e-mail reply, the hacker demanded $200
be wired to an Internet banking account. "I send programm to your
email," the hacker wrote.

There was no reply to e-mails sent to that address Monday by The
Associated Press.

Ed Stroz, a former FBI agent who now investigates computer crimes for
corporations, said the relatively cheap ransom demand - only $200 -
probably was deliberately low to encourage victims to pay rather than
call police and to discourage law enforcement from assigning these
cases a high priority.

"That's a very powerful threat," Stroz said. "If somebody encrypted
your files, you need this stuff now to do your work."

FBI spokesman Paul Bresson said more familiar Internet extortion
schemes involve hackers demanding tens of thousands of dollars and
threatening to attack commercial Web sites, interfering with sales or
stealing customer data.

Experts said the Web site where the infection originally spread had
already been shut down. They also said the hacker's demand for
payment might be his weakness, since bank transactions can be traced
easily.

"The problem is getting away with it - you've got to send the money
somewhere," Stewart said. "If it involves some sort of monetary
transaction, it's far easier to trace than an e-mail account."
------- End of forwarded message -------