Trojan Demands Ransom from Victims
A new trojan is making its rounds on the Internet, freezing up victims' computers and then demanding a ransom be paid through Western Union. Called "ransomware," the viruses have been around in Russia for several months, but the first English variants appeared in March.
Sophos discovered the trojan and has named it "Troj/Ransom-A." According to the security firm, these types of viruses are fairly new. The company said it does not know at this time how the trojan is being spread, but it is investigating.
According to the description of the virus on the Sophos Web site, when the virus is run, it displays the message "Deleted files are going to be saved into a hidden directory and replaced during uninstallation. (1) files are being deleted every 30 minutes."
The trojan will also display pornographic images on the infected computer, as well as a message saying it is moving the user's files into invisible hidden folders.
Attempting to kill the process shows a picture and the following messages: "Yeah, We don't die, We multiply! Ctrl+Alt+Del isn't quite working today, is it? I'm not the sharpest tool in the shed but Crtl+Alt+Del is everyone's S.O.S."
In order to unlock the computer, the user is asked to send $10.99 via Western Union. Instructions are provided on the message that appears on the screen. The virus writer even offers tech support if the code provided to unlock the computer does not work.