Trojan attack takes files hostage

May 25, 2005


SecurityFocus HOME News: Trojan attack takes files hostage: "The Trojan downloader (download-aag AKA Pgpcoder) exploits a well-known Internet Explorer vulnerability (MS04-023) to download hostile code onto vulnerable Windows boxes. It then searches for files with various extensions and encodes them. The original documents are deleted and the newly encoded files become unreadable. The malware also drops a message onto the system with instructions on how to buy the tool needed to decode the files, demanding payment of $200 from victims if they ever want to see their documents again. "

I'm in the wrong business. This seems to be the first of it's kind in the fact that your files are held for ransom, and I expect in the upcoming years that this type virus will become commonplace. Another reason why backups are a Good Thing. But for all of you who don't back up your files, have fun with this one.