Tuesday, May 31, 2005

The data kidnappers

(Picture credit http://www.n-tv.de)
The previous post references Bruce Schneier's discussion of "data kidnapping" malware. As reported by CNN, this malicious payload encrypts files on the victim's computer and then "holds the files hostage". A ransom note is prominently displayed on the PC, which includes an email address and a demand for $200 for the decryption key.

One of the blog comments noted the history of these sorts of "data kidnappers":

On Slashdot, there was mention of the "Casino.2330" virus that existed years ago. This virus erased the FAT (file allocation table) from the disk after copying it into memory. The virus then displayed a slot machine game and invited the user to play. The user had to win the game for their FAT to be restored. See http://www.avp.ch/avpve/file/c/casino.stm.

In 1989, a mailing consisting of a floppy disk and a license was sent to 20,000 recipients. The software on the disk provided an assessment of the user's risk from HIV/AIDS. Users were encouraged to install the software. However, a hidden mechanism in the software would encrypt and hide files on the user's system after a delay had passed. The included license warned (in very small print) of "most serious consequences" for violating the license. Users were supposed to send a license fee to a PO box in Panama for "PC Cyborg Corporation." A one-off license cost $189 and a lifetime license cost $378. Those who paid the license fee would receive a "renewal software package." The originator of the software was located but was found unfit to stand trial. See the "AIDS Diskette" entry at http://www.virusbtn.com/resources/malwareDirectory/about/history.xml.

[Regarding extortion] ... There was an incident where an individual was trying to extort money from a dairy company. They had already carried out an act of product tampering against this company. The individual demanded that bank card details for an account be embedded in an image file. This image file was to be posted on a public web site. Sometime afterwards, the image file was downloaded via an anonymity proxy service. However, the anonymity service cooperated and identified the individual who had downloaded the image. See http://www.theregister.co.uk/2004/03/24/dutch_internet_blackmailer_gets/
