A new Trojan that encrypts data files before demanding a ransom has been discovered, after a woman in the UK was locked out of files on her Windows PC.
Arhiveus-A (also known as MayAlert) demands that victims make purchases from one of three online drug stores in return for the password to unlock files.
Anyone attempting to load one of a number of types of data files discovers that they have been zipped into an archive that throws up a ransom message:
"Your computer caught our software while browsing illegal porn pages, all your documents, text files, databases in the folder My Documents was archived with long password."
"Do not try to search for a program that encrypted your information - it simply does not exist in your hard disk anymore," the Trojan announces, having deleted itself in order to make its identity harder to detect.
Contrary to some reports, the technique is not new. In March an almost identical Trojan, dubbed Cryzip, struck one UK resident who contacted Techworld after being asked to pay $300 to an e-gold account.
The encryption Trojan first reared its head in Spring 2005, when a piece of malware of Russian origin was discovered to be using the technique.
The new Trojan differs from these examples only in its demands and its passphrase. Cryzip used a directory path while, according to security company Sophos, Arhiveus-A can be unlocked after applying the randomly-generated string mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw.
"Internet hackers are getting bolder in their attempts to steal money from innocent web users. Once your valuable data is locked away you may be tempted to pay up to rescue your files, but this will only encourage more blackmail attempts in the future," said Graham Cluley of Sophos.
A distinctive element of the encryption Trojan phenomenon is its small scale: it deliberately sets out to hit only a handful of victims. This helps it avoid publicity and therefore early detection. Cryzip and Arhiveus-A are very likely only the early stages of a new malware epidemic of small-time crookery.