Thursday, March 26, 2009

New CyberTrick: A Ransom Demand

Reported by ComputerWorld.

Cybercrooks have hit on a new twist to their aggressive marketing of fake security software, and are duping users into downloading a file utility that holds users' data for ransom, security researchers warned today.

The new scam takes a different tack: It uses a Trojan horse that's seeded by tricking users into running a file that poses as something legitimate like a software update. Once on the victim's PC, the Trojan swings into action, encrypting a wide variety of document types -- ranging from Microsoft Word .doc files to Adobe Reader .pdf documents -- anytime one's opened. It also scrambles the files in Windows' "My Documents" folder.

When a user tries to open one of the encrypted files, an alert pops up saying that a utility called FileFix Pro 2009 will unscramble the data. The message poses as an semi-official notice from the operating system: "Windows detected that some of your MS Office and media files are corrupted. Click here to download and install recommended file repair application," the message reads.

Clicking on the alert downloads and installs FileFix Pro, but the utility is anything but legit. It will decrypt only one of the corrupted files for free, then demands the user purchase the software. Price? $50.

All of you 3 readers know this, right? NEVER, EVER, download an "update" that is not digitally signed by the vendor--whether Adobe, or MS, or Norton, or whoever.

1 comment:

M.E. said...

Don't know about the other two, but, yes, I'm aware of this. Just yesterday Spybot and McAfee fought off a Trojan attack on my laptop, but something still slipped through. Hubby ran a bunch of (legit) anti-crud software last night and fixed it all up -- no harm, no foul, thank goodness.

Today's to-do list:
Make backups of everything!