Web Infection Holds Computer Files Hostage
By TED BRIDIS, AP Technology Writer 11 minutes ago
Computer users already anxious about viruses and identity theft have
new reason to worry: Hackers have found a way to lock up the
electronic documents on your computer and then demand $200 over the
Internet to get them back.
Security researchers at San Diego-based Websense Inc. uncovered the
unusual extortion plot when a corporate customer they would not
identify fell victim to the infection, which encrypted files that
included documents, photographs and spreadsheets.
A ransom note left behind included an e-mail address, and the attacker
using the address later demanded $200 for the digital keys to unlock
the files.
"This is equivalent to someone coming into your home, putting your
valuables in a safe and not telling you the combination," said Oliver
Friedrichs, a security manager for Symantec Corp.
The FBI said the scheme, which appears isolated, was unlike other
Internet extortion crimes. Leading security and antivirus firms this
week were updating protective software for companies and consumers to
guard against this type of attack, which experts dubbed "ransom-ware."
"This seems fully malicious," said Joe Stewart, a researcher at
Chicago-based Lurqh Corp. who studied the attack software. Stewart
managed to unlock the infected computer files without paying the
extortion, but he worries that improved versions might be more
difficult to overcome. Internet attacks commonly become more effective
as they evolve over time as hackers learn to avoid the mistakes of
earlier infections.
"You would have to pay the guy, or law enforcement would have to get
his key to unencrypt the files," Stewart said.
The latest danger adds to the risks facing beleaguered Internet users,
who must increasingly deal with categories of threats that include
spyware, viruses, worms, phishing e-mail fraud and denial of service
attacks.
In the recent case, computer users could be infected by viewing a
vandalized Web site with vulnerable Internet browser software. The
infection locked up at least 15 types of data files and left behind a
note with instructions to send e-mail to a particular address to
purchase unlocking keys. In an e-mail reply, the hacker demanded $200
be wired to an Internet banking account. "I send programm to your
email," the hacker wrote.
There was no reply to e-mails sent to that address Monday by The
Associated Press.
FBI spokesman Paul Bresson said more familiar Internet extortion
schemes involve hackers demanding tens of thousands of dollars and
threatening to attack commercial Web sites, interfering with sales or
stealing customer data.
Experts said there were no widespread reports the new threat was
spreading, and the Web site was already shut down where the infection
originally spread. They also said the hacker's demand for payment
might be his weakness, since bank transactions can be traced easily.
"The problem is getting away with it - you've got to send the money
somewhere," Stewart said. "If it involves some sort of monetary
transaction, it's far easier to trace than an e-mail account."
Details: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID194
Copyright 2005 The Associated Press.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.
[TELECOM Digest Editor's Note: But, as some of our Bright young
readers would explain, "on internet there is no consensus on what
is, and is not malicious." Or as another reader would explain, "there
is no such thing as an internet; just a collection of sites, and
we cannot tell another site how to operate." And the Bright young
reader concurs, "nor does anyone on the net want things any
different". PAT]
Lisa Minter (lisa_minter2001@yahoo.com)