Thursday, March 26, 2009

New Ransomware "FileFix Pro 2009" Holds PCs Hostage

A nasty new piece of "ransomware" has been circulating the web, taking PCs hostage and demanding a $50 payment for the restoration of corrupted files.

Ransomware (aka "scareware") is nothing new; in fact, variants have been cruising the web in the form of fake antivirus programs for years. The phony AV programs, which include several variants of "AntiVirus 2009", also known as AV 2009 (the name changes yearly), have been very lucrative for hackers, with some reportedly making as much as $5 million a year.

With the old scams gaining attention and many sites trying to get the word out that these fake programs are actually the real culprit, the scammers had to upgrade their tactics. And it now looks like they've done just that. The newest version of "ransomware" is now posing as a "file repair application".

It all begins when a user is duped into installing a malicious piece of software, typically from a fake ActiveX script, a fake software update or a pop-up box. The file contains a Trojan which can then download and install other pieces of software, or carry out some malicious tasks on its own. The malicious software starts by encrypting several different document types on the infected PC. These files range from Microsoft Word .doc files to Adobe Reader .pdf documents. It also scrambles all the files in Windows' "My Documents" folder.

When an unsuspecting user tries to open one of the encrypted files, the virus comes to life and an alert pops up saying that a utility called FileFix Pro 2009 will unscramble the data. The message is made to look like a legitimate, "semi-official" notice from the operating system: "Windows detected that some of your MS Office and media files are corrupted. Click here to download and install recommended file repair application," the message reads.

Clicking on the alert downloads and installs FileFix Pro, but the utility is anything but legit. It decrypts only one of the corrupted files for free, then demands that the user purchase the software at a price of $50.

Users who have fallen for the FileFix Pro 2009 con do not have to fork over cash to restore their files, according to other researchers, who have figured out how to decrypt the data. The Bleeping Computer site, for instance, has a free program called "Anti FileFix" available for download that unscrambles files corrupted by the Trojan. And security company FireEye Inc. has created a free online decrypter that also returns files to their original condition.
