In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information.
In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim's PC and mapped network drives, according to Websense. The program then drops a ransom note.
Even though this type of attack is not widespread at this point, Internet users should be aware of the threat, said Oliver Friedrichs, a senior manager at Symantec Security Response. "It is certainly concerning. This is the first time that we have seen cryptography used in this type of attack to hold your information hostage," he said.
"I would see this as the equivalent of somebody coming into your house, putting your valuables in a safe and not telling you the combination," Friedrichs said.
Researchers at Symantec have examined the malicious program used in the ransom attack. The Trojan, which Symantec has named "Trojan.Pgpcoder", searches the victim's hard disk for 15 common file types, including images and Microsoft Office documents. It encrypts each file, deletes the original and drops a note demanding $200 (£109) for the key needed to decrypt them, Friedrichs said.
A Websense customer fell victim to the attack. Luckily, in this case the encryption wasn't very sophisticated and Websense was able to decode the customer's files, said Dan Hubbard, senior director of security and research at Websense. "In this case we could help, but every variant can be different," he said.
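The two paragraphs above describe the mechanics (encrypt common file types, delete the originals) and the outcome (the cipher was weak enough for Websense to undo). The following is an added example, not Websense's, Symantec's or the Trojan's own code, showing why unsophisticated file encryption fails against a known-plaintext attack: common file types begin with fixed magic bytes, so ciphertext XOR expected header leaks key material. It assumes a hypothetical repeating-key XOR cipher, that encrypted files keep their original names, and that the key is at most 16 bytes; the victim files, the key and the file names are constructed for the demo and are not real samples. The article does not say what cipher Pgpcoder used.

```python
from itertools import cycle
from typing import Optional

# Magic numbers of some of the "common file types" a file-encrypting Trojan
# targets; a decryptor can check recovered plaintext against these.
MAGIC = {
    "jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",      # JPEG/JFIF header
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file (legacy Office)
    "zip": b"PK\x03\x04",                        # ZIP local file header
}

KEY_LEN_MAX = 16  # assumption: the weak scheme uses a key no longer than this


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Hypothetical weak cipher: XOR each byte with a repeating key.
    XOR is its own inverse, so this both encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(samples: dict, key_len: int) -> Optional[bytes]:
    """Known-plaintext attack for one candidate key length.
    samples maps the original file name to its ciphertext (assumption: the
    Trojan keeps the name, so the extension tells us the expected header).
    Returns the key, or None if the headers leave a key byte undetermined or
    two samples disagree (then the data was not encrypted this way)."""
    key = [None] * key_len
    for name, ct in samples.items():
        header = MAGIC.get(name.rsplit(".", 1)[-1].lower())
        if header is None:
            continue  # unknown type: contributes nothing to key recovery
        for i, (c, p) in enumerate(zip(ct, header)):
            pos = i % key_len
            if key[pos] is None:
                key[pos] = c ^ p
            elif key[pos] != c ^ p:
                return None  # inconsistent with a repeating key of this length
    if any(k is None for k in key):
        return None
    return bytes(key)


def find_key(samples: dict) -> Optional[bytes]:
    """Try key lengths from short to long; the first consistent one is the key
    (multiples of the true length are consistent too, so stop at the shortest)."""
    for key_len in range(1, KEY_LEN_MAX + 1):
        key = recover_key(samples, key_len)
        if key is not None:
            return key
    return None


def decrypt_all(samples: dict) -> Optional[dict]:
    """Recover the key from the headers, then decrypt every file, including
    ones whose type is not in MAGIC (they were encrypted with the same key)."""
    key = find_key(samples)
    if key is None:
        return None
    return {name: xor_repeating(ct, key) for name, ct in samples.items()}


# --- constructed demo data (not real samples) ----------------------------------
VICTIM_FILES = {
    "holiday.jpg": MAGIC["jpg"] + b"\x00\x01\x01\x00\x00\x01\x00\x01 image body",
    "budget.doc": MAGIC["doc"] + b"Quarterly figures, do not distribute",
    "backup.zip": MAGIC["zip"] + b"\x14\x00\x00\x00\x08\x00 archive body",
    "notes.txt": b"No magic bytes here, but the same key covers this file too.",
}
SECRET_KEY = b"\x5a\xc3\x19\x7e"  # what the hypothetical Trojan used
ENCRYPTED = {name: xor_repeating(data, SECRET_KEY) for name, data in VICTIM_FILES.items()}

if __name__ == "__main__":
    recovered = decrypt_all(ENCRYPTED)
    print("recovered key:", find_key(ENCRYPTED).hex())
    for name, data in recovered.items():
        print(name, "OK" if data == VICTIM_FILES[name] else "MISMATCH")
```

The check on the two failure paths matters in practice: a None result from `find_key` tells the responder the scheme is not the assumed one (a per-file key, a real block cipher, or a longer key than the headers can pin down), which is the "every variant can be different" situation Hubbard describes, and means restoring from backup rather than waiting for a decryptor.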
Attackers could use email, a Web site, or other means to distribute the Trojan.Pgpcoder and launch a widespread extortion campaign, Symantec's Friedrichs said.
Websense, however, doesn't see a trend yet. Attackers leave a trail if they ask for money, Hubbard said: "This type of attack is not that difficult to perform. However, in order to collect money the attackers are leaving themselves open to investigation and tracing."
For protection, users should run security software and make sure that their software is patched, Websense and Symantec said. The Internet Explorer flaw exploited in the Websense case was patched in July last year, so a machine with that update applied was not exposed to the exploit used. Because the Trojan deletes the originals and also reaches mapped network drives, recovery when the cipher cannot be broken depends on backups that an infected machine cannot overwrite.
The Websense customer was victimised two weeks ago. The Web sites involved in the attack have since been taken down.
Talkback
Serves you right for using Windows. Switch to something more inherently secure (GNU/Linux is a good choice), and you'll be much, much better off. These days, GNU/Linux is easier to use, and security patches are generally more quickly forthcoming than those from Microsoft.
This is one major advantage of code developed under a Free and Open license. The code is typically better in the first place, and fixes for it can be written by anybody in the world with an Internet connection. It's one reason why MITRE's report a few years ago about Free and Open Source Software in the US Dept. of Defense was particularly damning to the likes of Microsoft and Sun.
THE CHANGING FACE OF EXTORTION
The offence of extortion is not new but has existed for a long time. It has, however, taken on different shades and ramifications. Under the traditional penal law the offence of extortion is complete the moment an offender intentionally puts any person in fear of “any injury” to that person, or to any other, and thereby dishonestly induces the person so put in fear to deliver to any person any property or valuable security, or anything signed or sealed which may be converted into a valuable security. The expression “injury” denotes any harm whatever illegally caused to any person, in body, mind, reputation or property. The modern form of extortion is totally different from its traditional counterpart. Hackers have found a way to lock up the electronic documents on any person’s computer and then demand $200 over the internet to get them back. The modus operandi is very simple. The files and documents are encrypted after hacking the victim’s computer. A ransom note is left behind that contains a contact address in the form of an e-mail address. Once contacted, a demand of $200 is made to “unlock” the files and documents.
It is interesting to observe how countries will react to this problem. They may enact a new law or they may use purposive interpretation. It must be appreciated that it is not the “enactment” of a law but the desire, will and efforts to accept and enforce it in its true letter and spirit which can confer the strongest, most secure and safest protection for any purpose. The enforcement of these rights requires a “qualitative effort” and not a “quantitative effort”. The nature of the internet makes it very difficult to control and regulate. The legal systems of all the countries of the world have felt this “vulnerability” of the internet. Thus, enacting a lot of laws will not serve any purpose. The requirement of the hour is the dedicated enforcement of the “existing laws” instead of pointing towards the “inadequacies” of the same. The courts are required to use “purposive and updating interpretation” while interpreting the provisions of the IT Act, 2000. If at all the requirement of liberal use of purposive and updating interpretation is felt, it must be for interpreting the provisions of the IT Act, 2000.
Some young guy - have you ever heard of a company called Secunia? If not, Google it and subscribe. It may open your eyes as well as your source, to find that I guess 90% of Advisories are concerned with Linux in all its forms. The vulnerabilities are frightening, to say the least.
No, I don't use IE, nor OE any more. I use Firefox and Thunderbird instead - Windows versions. Very few advisories come my way, and those that do are usually easily sorted.
Regards, MOTS :-)