Thursday, March 26, 2009

About TROJ_FAKEALE.BG

Trend Micro detected a Trojan called TROJ_FAKEALE.BG that spreads via scareware: fake anti-virus scams designed to fool people into thinking their computer is infected so they'll pay to download a program to get rid of it.

That's bad enough, but in this latest innovation on the scareware theme, "AntiVirus2009," as it is most commonly called, informs the victim of corrupted document files, all of which can be uncorrupted for another $50 via a download of "File Fix Professional."

Unlike the fake scan of the victim's computer in the initial scam, where fictional viruses are found to better sell the antivirus download, this virus actually locates documents and encrypts them. They'll not be unlocked until the user ponies up.

Just to highlight what jerks the guys who designed this are, after payment unlocks the document files, the Trojan just finds them again and re-encrypts them, starting the process all over again.

Luckily, there are good guys on the scene. Over at the BleepingComputer forum, instructions and a removal tool for FileFix have been posted. While that tool only removes FileFix and does not decrypt the files, another tool and instruction set were posted to recover the documents.

Back in 2005, ransomware was relatively easy to trace and the amounts sought were generally much bigger. Hackers are more decentralized now and this process, obviously, is more automated. The attacks are also targeted toward less computer-savvy victims who unwittingly drop $50 or $100. Enough victims like these and they make up for bigger, one-time heists.
