
By Joris Evers, News.com
Posted on ZDNet News: May 24, 2005 6:16:00 PM

In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information.

In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer Web browser. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim's PC and mapped network drives, according to Websense. The program then drops a ransom note.

Even though this type of attack is not widespread at this point, Internet users should be aware of the threat, said Oliver Friedrichs, a senior manager at Symantec Security Response. "It is certainly concerning. This is the first time that we have seen cryptography used in this type of attack to hold your information hostage," he said.

"I would see this as the equivalent of somebody coming into your house, putting your valuables in a safe and not telling you the combination," Friedrichs said.

Researchers at Symantec have seen the malicious program used in the ransom attack. The program, "Trojan.Pgpcoder," searches a victim's hard disk drive for 15 common file types, including images and Microsoft Office file types. It then encrypts the files, removes the originals and drops a note asking $200 for the encryption key, Friedrichs said.

A Websense customer fell victim to the attack. Luckily, in this case the encryption wasn't very sophisticated and Websense was able to decode the customer's files, said Dan Hubbard, senior director of security and research at Websense. "In this case we could help, but every variant can be different," he said.

Attackers could use e-mail, a Web site, or other means to distribute Trojan.Pgpcoder and launch a widespread extortion campaign, Symantec's Friedrichs said.

Websense, however, doesn't see a trend yet. Attackers leave a trail if they ask for money, Hubbard said: "This type of attack is not that difficult to perform. However, in order to collect money the attackers are leaving themselves open to investigation and tracing."

For protection, users should run security software and make sure that their software is patched, Websense and Symantec said. The Internet Explorer flaw exploited to attack the user in the Websense case was patched in July last year.

The Websense customer was victimized two weeks ago. The Web sites involved in the attack have since been taken down.
