PREVIOUS ARTICLENEXT ARTICLE
NEWS
Kaspersky Lab warns against two new ransomware threats
By Hanleigh Daniels 1 December 2010 | Categories: newsAccording to security vendor Kaspersky Lab, two new highly dangerous ransomware programs are spreading across the internet that could potentially wipe data from unsuspecting browsers’ PCs.
One of these malicious programs is a new variant of the GpCode Trojan. It targets files with a wide variety of widely used extensions (including doc, docx, txt, pdf, xls, jpg, mp3, zip, avi, mdb, rar as well as psd) and encrypts them without the user’s authorisation. The corresponding Trojan-Ransom.Win32.GpCode.ax signature was added to Kaspersky Lab’s antivirus database on 29 November.
Trojan-Ransom.Win32.GpCode.ax spreads via infected sites, exploiting vulnerabilities in Adobe Reader, Java, Quicktime Player, or Adobe Flash and unlike previous iterations of GpCode, this new Trojan doesn’t delete files after encrypting them (employing RSA-1024 and AES-256 crypto-algorithms). Instead it overwrites data in the files making it impossible to use data-recovery software to restore the deleted data.
The second ransomware program is a Trojan that infects the master boot record (MBR) of a compromised computer. Two signatures were added to Kaspersky Lab’s antivirus databases: Trojan-Ransom.Win32.Seftad.a for the dropper and Trojan-Ransom.Boot.Seftad.a for instances when the MBR is infected. After infecting a user’s computer, this malicious program overwrites the boot area before demanding that the computer user make a payment for a password that will restore the MBR. If an incorrect password is entered three times the infected computer reboots and the Trojan repeats its demand for money.
Users of Kaspersky Lab products with up-to-date antivirus databases are protected from both of these ransomware Trojans. The company also recommends that users regularly update all the software installed on their computers in order to close any vulnerabilities.
TAGS:
USER COMMENTS
Most Read Articles
Read
Magazine Online
TechSmart.co.za is South Africa's leading magazine for tech product reviews, tech news, videos, tech specs and gadgets.
Start reading now >
Download latest issue
Have Your Say
What new tech or developments are you most anticipating this year?
New smartphone announcements (45 votes)
Technological breakthroughs (28 votes)
Launch of new consoles, or notebooks (14 votes)
Innovative Artificial Intelligence solutions (28 votes)
Biotechnology or medical advancements (21 votes)
Better business applications (132 votes)