Computer Crime Research Center


Trojan freezes PCs

Date: April 28, 2006
By: Frank Washkuch Jr.

A new type of ransomware, which freezes an infected PC and then demands affected users send the hacker money via Western Union, has emerged, according to security experts.

The trojan, called Troj/Ransom-A by Sophos, creates a number of new .exe files on a Windows operating system, then tells users that deleted files are saved in a hidden directory and will be replaced during uninstallation, according to Sophos.

"(1) files are being deleted every 30 minutes," the trojan tells affected users.

Sophos was unsure how the trojan was being spread, according to published reports.

The trojan displays pornographic pictures while telling users that malware will continue to multiply - deleting critical files from numerous programs - "until your computer is fried to a pulp."

To receive a fix, PC users are told to go to Western Union and fill out a Swiftpay form for $10.99 to the hacker. The receipt will contain a CIDN number that will begin the uninstallation process when entered into the affected PC, according to Sophos.

The hacker even offers to help users with faulty uninstall software, asking that users send problems to a Yahoo email address.

A recent report by Kaspersky Lab said criminal gangs moved away from the "stealth use" of infected computers to stealing personal information for blackmail during the first three months of 2006.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo