Zippo Trojan Horse Demands 175 Pounds For Victims’ Encrypted Data, Sophos Reports

Sophos experts crack password used in criminal attack

Experts at SophosLabs, Sophos’s global network of virus, spyware and spam analysis centres, have warned users about a Trojan horse that encrypts victims’ computer data, and then attempts to extort a ransom of 300 US dollars (175 GBP).

The Zippo-A Trojan horse (also known as CryZip) searches innocent users’ computers for files such as Word documents, databases and spreadsheets, and moves them into password-encrypted ZIP files. It then creates another file telling the affected user that they need to pay 300 dollars to an eGold account to recover their data.

“The Zippo Trojan horse is bold as brass – scooping up your valuable data and locking it away until you agree to pay the ransom to the criminals who have ‘kidnapped’ your files. Companies who have made regular backups may be able to recover easily, but less diligent businesses may be in a quandary about whether to cough up the cash,” said Graham Cluley, senior technology consultant for Sophos. “In the old days malware was typically written by teenagers who wanted to show off to their mates. Now most of the viruses and Trojan horses we see are being written with the intention of making money from innocent internet users. The attacks are becoming more organised and more malicious, which is why every computer needs to be properly defended.”

Sophos experts who have analysed and disassembled the Trojan horse have determined that the password used to encrypt users’ data is – ‘C:\Program Files\Microsoft Visual Studio\VC98’.

“There should be no need for anyone unfortunate enough to have suffered from this ransomware attack to have to pay the reward to the criminals behind it,” continued Cluley.

Sophos strongly recommends that companies protect their email gateway with a consolidated solution to thwart the virus, spyware and spam threats and secure their desktops and servers with automatically updated anti-virus protection.

For more information, including a picture of the ransom note left by the Zippo Trojan horse, visit:

http://www.sophos.com/pressoffice/news/articles/2006/03/zippo.html



