Cryzip Trojan Encrypts Files, Demands Ransom

March 8, 2008 – 6:20 PM

Virus hunters have discovered a new Trojan that encrypts files on an infected computer and then demands $300 in ransom for a decryption password. The Trojan, identified as Cryzip, uses a commercial zip library to store the victim’s documents inside a password-protected zip file and leaves step-by-step instructions on how to pay the ransom to retrieve the files.

It is not yet clear how the Trojan is being distributed, but security researchers say it was part of a small e-mail spam run that successfully evaded anti-virus scanners by staying below the radar.

While this type of attack, known as “ransomware,” is not entirely new, it points to an increasing level of sophistication among online thieves who use social engineering tactics to trick victims into installing malware, said Shane Coursen, senior technical consultant at Moscow-based anti-virus vendor Kaspersky Lab.

The LURHQ Threat Intelligence Group, based in Chicago, was able to crack the encryption code used in the Cryzip Trojan and determine how the files are encrypted and the payment mechanism that has been set up to collect the $300 ransom.

According to a LURHQ advisory, Cryzip searches an infected hard drive for a wide range of widely used file types, including Word, Excel, PDF and JPG images.

Once commandeered, the files are zipped and overwritten with the text: “Erased by Zippo! GO OUT!!!”

The Trojan then deletes all the files, leaving only the encrypted file with the original file name, followed by the “_CRYPT.ZIP” extension.

A new directory named “AUTO_ZIP_REPORT.TXT” is created with specific instructions on how to use the E-Gold online currency and payment system to send ransom payments.
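As an added triage example (not from the article, LURHQ or the Trojan's author): a Python script that walks a directory for the artefacts described above, the AUTO_ZIP_REPORT.TXT note and files ending in _CRYPT.ZIP, and reads each archive's headers to tell whether its entries are actually flagged as password-protected, which decides whether the contents can be pulled out without the password. The sample tree it builds is constructed; the "protected" archive has its encrypted flag set by hand and its data is left in the clear, since the standard library cannot write password-protected zips.

```python
import io
import os
import tempfile
import zipfile

# Names taken from the description above; bit 0 of a zip entry's flag word means "encrypted".
CRYPT_SUFFIX = "_CRYPT.ZIP"
RANSOM_NOTE = "AUTO_ZIP_REPORT.TXT"
ZIP_ENCRYPTED_FLAG = 0x1

def archive_is_password_protected(path):
    """Inspect entry metadata only; the headers are readable without the password."""
    try:
        with zipfile.ZipFile(path) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return False
    return bool(infos) and all(i.flag_bits & ZIP_ENCRYPTED_FLAG for i in infos)

def triage_directory(root):
    """Return the ransom notes and *_CRYPT.ZIP archives under root, with a protected
    flag per archive (False means the contents can be extracted as they are)."""
    notes, archives = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.upper() == RANSOM_NOTE:
                notes.append(path)
            elif name.upper().endswith(CRYPT_SUFFIX):
                archives[path] = archive_is_password_protected(path)
    return {"notes": notes, "archives": archives}

def make_sample_tree():
    """Constructed sample, not a real infection: one note, one archive whose headers
    carry the encrypted flag (data left in the clear), one plain archive, one document."""
    root = tempfile.mkdtemp()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("budget.xls", b"constructed document body")
    plain = buf.getvalue()
    flagged = bytearray(plain)
    flagged[6] |= ZIP_ENCRYPTED_FLAG                                # local file header flags
    flagged[flagged.find(b"PK\x01\x02") + 8] |= ZIP_ENCRYPTED_FLAG  # central directory flags
    for name, data in [(RANSOM_NOTE, b"constructed ransom note"),
                       ("budget.xls_CRYPT.ZIP", bytes(flagged)),
                       ("memo.doc_CRYPT.ZIP", plain), ("notes.txt", b"untouched")]:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root
```

An archive reported as not protected is the good case for the victim: its entries can be extracted with any zip tool, no ransom involved.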

The instructions, which are marked by misspellings and poor grammar, contain the following text: “Your computer catched our software while browsing illigal porn pages, all your documents, text files, databases was archived with long enought password. You can not guess the password for your archived files – password lenght is more then 10 symbols that makes all password recovery programs fail to bruteforce it (guess password by trying all possible combinations).”

The owner of the infected machine is warned not to search for the program that encrypted the data, claiming that it simply doesn’t exist on the hard drive.

“If you really care about documents and information in encrypted files you can pay using electonic currency $300,” the note says. “Reporting to police about a case will not help you, they do not know password. Reporting somewhere about our E-Gold account will not help you to restore files. This is your only way to get yours files back.”

The Trojan author uses scores of E-Gold accounts simultaneously to get around potential shutdowns, according to LURHQ, which published the complete list of E-Gold accounts in the advisory.

Officials from E-Gold, which operates out of the Caribbean island of Nevis, were not available for comment.

“Infection reports are not widespread, so it is not believed this is a mass threat by any means,” LURHQ said. However, the company said social engineering malware is typically more successful when it is delivered in low volume to get around anti-virus detections.

“[M]ore attention means the likely closing of the accounts used for the anonymous money transfer,” LURHQ said.


http://www.eweek.com/article2/0,1759,1937408,00.asp

How Much Does Google Know About You?

March 8, 2008 – 6:20 PM

Want to know what’s going on in someone’s mind? Look at the words they enter in their favorite search engine. Fortunately, that information is private, right? Maybe not.

If you use Google, for instance, and are not blocking cookies, the search engine likely has placed a cookie on your system that won’t expire until 2038. That cookie lets Google track what you searched for, when you conducted the search, and which results you clicked. The cookie doesn’t identify you by name, but it does identify you by your system’s information and IP address.

This is what the U.S. government was after when it subpoenaed Google for search records of millions of random users to establish the need for a federal online pornography law. The company was fighting the subpoena as this article went to press, but AOL, MSN, and Yahoo have already given the government at least some of the kinds of data it wants.

The case highlights the sensitivity of search records in general, and Google’s in particular. The company’s position at the top of the search engine food chain means that its archives could contain years of detailed logs on what millions of users search for and where they surf. (Google has not said how long it keeps such records and didn’t respond to our requests for information on the subject.)

Fortunately, there are well-established ways to rid your PC of tracking cookies, either using your browser or one of many third-party antispyware and system cleanup utilities. For detailed instructions on cleansing private information from your browser, see this month’s Internet Tips.

But ending the privacy threat that cookies pose requires action by Web sites as well as by individuals. As storage gets cheaper, system administrators at commercial sites tend to log everything and keep the data as long as possible, broadening the window for misuse. At last December’s Usenix Large Installation System Administration conference, an Electronic Frontier Foundation attorney recommended that administrators keep only the logs they need, and destroy the rest.

If Google truly wishes to live up to its corporate motto, “Don’t Be Evil,” the company should be selective about the logs that it keeps, and should chuck everything else.

http://www.pcworld.com/howto/article/0,aid,124775,tk,spxhow,00.asp

How To Build The Ultimate Network

March 8, 2008 – 6:19 PM

What organizations would want their networks to be, if only they had all the money, time and expertise in the world, is hardly a mystery. Indeed, in a way, the ultimate network is really about nothing more than the Olympics’ motto “citius, altius, fortius” rephrased as “faster, more efficient, more reliable.” Just how you go about building this network, however, is another thing entirely. “It exists in utopia,” says Info-Tech Research analyst Carmi Levy. “In reality, there’s no such thing as the ‘ultimate’ anything. The only way to achieve it is in the lab, and even then, that’s probably not even realistic.”

Although the ultimate network exists only in theory, what is realistic is to make it a target, Levy says. The best thing any organization can do is to take a tip from Friedrich Nietzsche’s superman, whose “reach forever exceeds his grasp.”

That’s good advice, perhaps, but it begs the question of how you actually go about planning for the ultimate network, even if it’s a goal you can approach without ever actually achieving it. Is it a question of spending bundles of money — just like in the days before the dot-com bubble burst — on the hottest equipment, infrastructure and software?

http://www.networkingpipeline.com/181500227

Microsoft Confirms Vista Editions

March 8, 2008 – 6:18 PM

Microsoft has officially verified the editions for Windows Vista a week after the information leaked when it prematurely appeared on the company’s Web site.

Vista will have six core editions, four aimed at consumers and two aimed at the enterprise, says Neil Charney, Microsoft’s director of Windows product management. The consumer editions are Windows Vista Starter, Windows Vista Home Basic, Windows Vista Home Premium, and Windows Vista Ultimate; the business editions are Windows Vista Business and Windows Vista Enterprise.

The editions confirmed by Charney are the same ones listed on a Microsoft Web site last week, one the company said was being used for testing and offered “incomplete” information. The only difference between the editions reported last week and the ones confirmed by Microsoft is that the starter edition (a stripped-down, low-priced version of the OS aimed at emerging markets) is branded with the “Vista” label. The Web site, which Microsoft shut down after its information appeared in published reports, said Starter would not have the Vista brand.

As expected, Microsoft plans to do away with the Windows Media Center Edition OS when it ships Vista. Instead, functionality that now is in Media Center (such as DVD playback, authoring, and burning, and other multimedia features) will be included in the consumer editions Home Premium and Ultimate, Charney says. Those versions also will include TabletPC functionality, he says.

In addition, the next-generation Aero user interface will not appear in Windows Vista Starter and Home Basic. Home Premium and Ultimate are the only consumer editions with the interface, which allows users to view and flip windows three dimensionally.

Sidebar Included

All Vista editions will ship with the new Sidebar feature. Sidebar is a bar that appears on the desktop and allows users to view information (such as news, stock prices, and weather) through mini-applications Microsoft calls Gadgets. In public demonstrations of the Gadgets feature, it appears similar to the Widgets feature in Apple Computer’s Mac OS X Tiger release.

All of the mainstream consumer editions also will include the new parental controls security feature that allows parents to monitor their children’s computer and Internet use, Charney says. However, most of Vista’s enhanced security features will appear in the business editions.

Both business editions will include enhanced group policy and management features, he says. Windows Vista Enterprise will include Windows BitLocker drive and encryption, a feature that encrypts a computer’s hard drive so if a notebook is lost the data will be kept private, Charney says.

In addition, the business editions will have a new Vista peer-to-peer (P2P) collaboration feature called ShareView, which allows users to connect their computers via P2P technology to share control of PowerPoint presentations.

As posted on Microsoft’s Web site and reported last week, some editions of Vista will be released in “N” versions that do not include Windows Media Player 11, a move in compliance with European antitrust provisions. However, Charney would not confirm which editions those will be.

Microsoft plans to make Windows Vista generally available in November or December of this year.

http://www.pcworld.com/news/article/0,aid,124873,tk,dn022706X,00.asp

Spam Mutates

March 8, 2008 – 6:18 PM

Peter Shinbach recently threw in the towel and shut down Bach Door, his online-communications blog. The public relations executive from Birmingham, Michigan, was fed up with so-called comment spam. Returning from a weeklong vacation, he found a slew of comments on his blog that had nothing to do with communications: They were posts from spammers promoting gambling sites and prescription drugs.

“I’m not in this to spend hours a week cleaning up the mess spammers leave behind,” Shinbach says. Ironically, the surge in spam to his blog coincides with a decrease in spam to his inbox: Shinbach says that his desktop antispam software and his ISP’s spam filters together block about 95 percent of junk e-mail sent to his account.

Shinbach is one of many who are starting to fret more about spam on blogs, instant messages, and cell phones than about traditional unsolicited e-mail, at least in part because old-style spam appears to be losing some momentum. While the volume of junk e-mail continues to mount, it stopped growing at double-digit rates last year. Many ISPs and e-mail providers claim that they blocked more than 90 percent of unsolicited commercial e-mail.

http://www.pcworld.com/news/article/0,aid,124822,tk,dn022706X,00.asp