digg

Facebook Connect Join Digg About

Trojan Virus Encrypts your files, holds password ransom for $300

eweek.com A new Trojan identified as CryZip infects files on a computer by encrypting them, then demands a $300 ransom for the password to unlock the files.

Who dugg this? Made popular Mar 14, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

126 Comments

show profanity settings
expand all
  • Sparklehorse, on 10/12/2007, -0/+79The password is:

    * C:Program FilesMicrosoft Visual StudioVC98


    Because this string often appears inside projects compiled with Visual C++ 6, the author likely figured anyone who found the infecting DLL and examined its strings looking for the password would simply overlook it.

    http://www.lurhq.com/cryzip.html for more info
  • Godric, on 10/12/2007, -9/+59This is almost as bad as the trojan that converts all your documents to .doc and forces you to buy Word.
  • johnsto, on 10/12/2007, -0/+46Right, I'm going to create my own version of this trojan and charge only $250. Hopefully people will realise I offer the better deal.
  • jonrad, on 10/12/2007, -4/+37It's also easily decrypted once viewing the source code of the virus.
    Think about it, the virus, which you can easily get the source of (That is the point of a virus, to spread) has to have a mechanism of encrypting the files. If the password is random, then the extortion won't work. So it's not random, so it must be in the virus itself. Disassemble and that's it. F-secure's weblog ( http://www.fsecure.com/weblog ) has more on it from a few months ago. They're virus scan also decrypts the files for you and I assume other virus scans do the same.

    This only works on uneducated people... so only about 98% of the population is affected.
  • shitfish, on 10/12/2007, -3/+36there must be a way to track where that 300$ would go to
  • bitt3n, on 10/12/2007, -6/+39I opened "Don't Open Anything From an E-mail You Idiot.exe" and it encrypted all my files.
  • nazsco, on 10/12/2007, -8/+35and brute forcing the crypt could get YOU in jail, thanks to the DMCA
  • Beanlover, on 10/12/2007, -5/+28Good backups would defeat this in a heartbeat. Too bad no one ever backs up their own data.
  • Discourses, on 10/12/2007, -3/+26There's this new product out, it's called "Don't Open Anything From an E-mail You Idiot."

  • KissTheRing, on 10/12/2007, -2/+24yeah, my secondary computer is a Windows MCE PC but right now I'm trying out using a combination of strong firewalling and smart surfing but no anti-virus. It is great, huge difference in speed; it's kind of like not wearing any underwear, very free and exciting.
  • LMNOP, on 10/12/2007, -2/+20finally, black hats have a business model
  • MrMagic, on 10/12/2007, -3/+21DMCA is an American Law and doesn't effect me.
  • plamoni, on 10/12/2007, -11/+28And this is why traceless has no friends. :-)

    http://digg.com/users/traceless/friends
  • pcgeek101, on 10/12/2007, -8/+24traceless, could you stop spamming your website on digg? Not everyone wants to see a link to your empty forum 20 times a day *block*
  • sundancekid503, on 10/12/2007, -3/+17#$momwerrW$#%%2/3.4..5345345.,3234l,;l,-5=-=-dDDFKPWKDcCEP

    If you want to read my encrypted comment, send me $300
  • danl_4, on 10/12/2007, -0/+11You know what, I bet he never thought of that. Virus writers are such upstanding members of society that I'd bet he never would have written it if he had known.
  • sundancekid503, on 10/12/2007, -1/+10@sibertank

    Sorry, I only accept Western Union transfers to my Nigerian account
  • fantasticFlan, on 10/12/2007, -3/+11Only if the virus is protecting your data from copyright violation.
  • Sibertank, on 10/12/2007, -0/+7Do you accept visa?
  • Truegod, on 10/12/2007, -1/+8If they haven't learned by now, they probably never will.
  • iammattchew, on 10/12/2007, -4/+10What is it going to take to teach people to not open unsafe attachments!
  • Truegod, on 10/12/2007, -1/+7Blackhat got a bussiness model years ago, it's called SPAM bots.
  • dougmc, on 10/12/2007, -0/+6`Black hats' have had a business model for a long time now ...
    -- spam pays
    -- `0-day' vulnerabilities are auctioned off
    -- If you don't pay us $10K, we'll DDoS your web site.
    (aka `That's a nice web site. It would be a shame if something ... happened to it.')
    -- Psst ... wanna buy Microsoft NT source code?
    -- Brokeback Mountain on DVD ... only $2.99!
    -- DVD of all Microsoft software ... only $19.99!
    -- HELLO. I AM NABUL GIRARDI OF NIGERIA. RECENTLY MY FATHER DIED AND LEFT
    A SIZABLE ESTATE, AND I NEED YOUR HELP.
    ...
    You get the idea -- and this is a seriously abridged list.
  • Zippo, on 10/12/2007, -1/+6*reads http://www.lurhq.com/cryzip.html*
    Oh *****, I have nothing to do with this, I swear!
  • inactive, on 10/12/2007, -0/+5I remember a while back digg would insert backslashes into comments for certain characters.

    use double backslash? \\
    must be a php thing.

    C:\Program Files\Microsoft Visual Studio\VC98
  • plamoni, on 10/12/2007, -2/+7It would still stink for me though, I (like many others) do my backups to a network drive using a synchro-tool and windows file sharing over my local network. It makes recovery very easy if my drive were to fail, but if a virus like this hit me, I would assume it would probably find the mapped network drive and encrypt the backups also. Which would stink. Maybe I need to rethink my backup scheme.
  • NeoTSN, on 10/12/2007, -3/+7Albeit a new article, this happened several months ago, and was reported on CNN: http://www.cnn.com/2005/TECH/internet/05/25/ransomware/index.html
  • EDantzer, on 10/12/2009, -0/+4man, that's just pure evil, luckely if you McAffee that might already have deleted the files for you.
  • snapya, on 10/12/2007, -2/+5Warning:
    You have entered an invalid username. : It looks like traceless does not exist http://digg.com/users/traceless
  • heymark, on 10/12/2007, -0/+3Does a scheme like this actually work for the trojan-maker?
  • travisxt97, on 10/12/2007, -1/+4The extortion could still work if the password is random. The virus writer would get at least a few payments before people realized he wasn't sending them the password back...
  • truspector, on 10/12/2007, -0/+3Does Sony prefer check, credit card or money order?
  • elnerdo, on 10/12/2007, -0/+3Oh, I see. It always has to be guys, hmm?
  • sorti, on 10/12/2007, -1/+4What we need is cheaper ransomware $300 is too much to pay.

    Everyone who makes this kind of software should put in the EULA that this will happen people will click on it and never read the EULA and the person who wrote the software can say it’s in the license agreement they signed to install my Trojan.
  • Darth_tater, on 10/12/2007, -3/+6^ lucky!
  • john117, on 10/12/2007, -2/+4in Soviet Russia, that is.
  • solusdotipse, on 10/12/2007, -3/+5But if you have Linux it actually sends you $300
  • takeda, on 10/12/2007, -2/+4Looks like digg's comment system has problems with backslashes...
  • tempusrob, on 10/12/2007, -2/+4Nonsense. The virus creator would have to be pretty dumb to atteempt to bring a lawsuit against someone when he himself is a criminal. Furthermore, even if he didng bring suit no court would hear it since even if it *is* a DMCA violation to brute force it, the brute forcing is done in an attempt to avoid financial duress.
  • dclowd9901, on 10/12/2007, -2/+4sparklehorse for president.

    On a more relative note, where exactly do you send the $300? Do you just go to a website? Send a check in the mail? I'd like to know exactly how this hacker decided to execute the part of the procedure that would most likely get them caught.
  • toastgodsupreme, on 10/12/2007, -0/+2Yay! Now I can get my files back on lay away!

    Only 3 more payments to go...
  • XSforMe, on 10/12/2007, -0/+2More like when are sys admins going to learn to block dangerous attachments? Seriously, what business do scr, pif, dll, exe and other forms of nasty file extensions have to do floating around in an email?
  • inactive, on 10/12/2007, -2/+4The guy(s) who made this trojan should be hunted down and killed.

    Seriously.
  • perral1, on 10/12/2007, -0/+2Maybe some businesses should block this, but I find exe blocking quite annoying in GMail. I am currently writting a small game, and I have a friend that helps me w/ the graphics. Obviously he wants to be able to see the game, but I can't email it to him easily because GMail won't let me.

    -Perral1
  • tempusrob, on 10/12/2007, -0/+2"strong firewalling and smart surfing but no anti-virus"

    Has worked well for me for about 4 years now. Not a single problem in that time. And I know this because at one point I *did* install virus/malware scanning software just to see if anything came up.
  • R4wBon3, on 10/12/2007, -0/+2Yeah, it's the same business model they've had for years: Make $0. There is no way the creator intended to make any coin off of this; this is yet another tag on the wall of the suburban internet.
  • casiotone, on 10/12/2007, -0/+2I have the cipher key and will sell it for only $100!
  • inactive, on 10/12/2007, -0/+2Ok, the girls too. Hunted down and killed. ;-)

    See? Didn't think I was going to say that, huh.
  • inactive, on 10/12/2007, -0/+1you blinked first
  • Fetching more discussions...
    Show 51 - 100 of 127 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.