Malware writers have a new angle: software that freezes a computer, and then holds your files to ransom - demanding payment by Western Union money transfer.
A sample of Troj/Ransom-A was sent Wednesday to security vendor Sophos, said Graham Cluley, senior technology consultant. The malware, which Sophos named Troj/Ransom-A, is one of only a few examples of so-called "ransomware", which asks for a ransom in exchange for releasing control of a computer, Cluley said.
Ransomware has been seen in Russia, but the first one appeared in English just last month, said Cluley: "It is a new kind of malware with a particularly nasty payload." .
Sophos is investigating how the Trojan is being spread, but likely paths are through spam or a so-called drive-by download that exploits a browser vulnerability when a user visits a malicious Web site.
Once run, the Trojan freezes the computer, displaying a message saying files are being deleted every 30 minutes. It then gives instructions on how to send US$10.99 via Western Union to free the computer.
Hitting the control, alt and delete keys will not affect the bug, the virus writer warns. Sophos provides further details.
Strangely, the virus writer even offers tech support, Cluley said. If the method of unlocking the computer doesn't work after the money is sent, the virus writer promises to research the problem and includes an e-mail address.
Last month, a Trojan emerged that encrypts a user's documents and then leaves a file demanding $300 in exchange for the password to access the information. Victims were instructed to send money to one of 99 accounts run by e-gold, a company that runs a money transfer site.
The password, however, was contained on the infected computer. Sophos cracked it and publicly released it.