The Slobodan and Cry-Zip viruses
Posted 19 March 2006
The "Slobodan is Dead" Trojan is another example of the
script kiddies picking up current news to spread their work. The infected email
comes in with the title "Slobodan Milosevic was killed" with an attachment that
claims to prove the war crimes suspect was murdered. That attachment is actually
a "dropper" Trojan which doesn't cause any damage itself, but allows more malware
onto your computer.
The type of program a dropper might sneak onto your system
is the PBancos
keylogger. This is a new type of keylogger that also tries to capture your
mouse clicks and your stored passwords. This is part of a worrying trend where
we see virus writers, spyware companies and organised crime coming together.
The most worrying example of this trend is the Cry-Zip
or Zippo virus that drags all your data into an encrypted zip file. It then
demands you pay $300 US to get the password and your files back. While it's
a fairly crude technique, this sort of tactic may well work in the future.
Cry-Zip itself isn't much to worry about given it has been
cracked and the perpetrator's websites shut down, but we may well see this tactic
being used by the more malicious script kiddies and virus writers. Encrypting
someone's data is a particularly nasty trick and might leave someone with the data
effectively wiped. It's all the more reason to take
backup seriously.
Thankfully we've not seen any major outbreaks of these or
any other viruses this month. But it always pays to keep your system up-to-date,
have current antivirus and anti-spyware programs and a firewall that warns you when
the bad guys try to get in or out of your system. All these things are listed
in our Computer Protection Kit. Avoiding
opening things like "Slobodan was killed" is a good idea as well.
info@pcrescue.com.au
PC Rescue Pty Ltd, Suite 236, 4 Young Street Neutral Bay NSW 2089
ABN 36 082 635 765
© Technology Publishing Australia, 2008