The Slobodan and Cry-Zip viruses

Posted 19 March 2006

The "Slobodon is Dead" Trojan is another example of the script kiddies picking up current news to spread their work. The infected email comes in with the title "Slobodan Milosevic was killed" with an attachment that claims to prove the war crimes suspect was murdered. That attachment is actually a "dropper" Trojan which doesn't cause any damage itself, but allows more malware onto your computer.

The type of program a dropper might sneak onto your system is the PBancos keylogger. This is a new type of keylogger that also tries to capture your mouse clicks and your stored passwords. This is part of a worrying trend where we see virus writers, spyware companies and organised crime coming together.

The most worrying example of this trend the Cry-Zip or Zippo virus that drags all your data into an encrypted zip file. It then demands you pay $300 US to get the password and your files back. While it's a fairly crude technique, this sort of tactic may well work in the future.

Cry-Zip itself isn't much to worry about given it has been cracked and the perpetrator's websites shut down, but we may well see this tactic being used by the more malicious script kiddies and virus writers. Encrypting someone's data is particular nasty trick and might leave someone with the data effectively wiped. It's all the more reason to take backup seriously.

Thankfully we've not seen any major outbreaks of these or any other viruses this month. But it always pays to keep your system up-to-date, have current antivirus and spyware programs and a firewall that warns you when the bad guys try to get in or out of your system, all these things are listed in our Computer Protection Kit. Avoiding opening things like "Slobodon was killed" is a good idea as well.