The creators of the Cryzip extortion Trojan did not benefit from the fraud, Internet payment company e-gold has claimed.
Criminals are believed to have set up a number of accounts at the company in order to receive funds extorted from users in return for decrypting data files scrambled by the Trojan.
A spokesperson for e-gold said that the accounts had been detected and suspended before any funds had been received.
Our investigators, through their normal reviews, detected multiple suspicious accounts. All were blocked from receiving payment very shortly after they were created, the company said.
The spend history on those accounts reveal only very nominal spends that appear to be "test spends" done to ensure the accounts were initially open. It is possible that an illegal website may display the e-gold logo or announce an account number despite it being blocked from any ability to receive e-gold payments.
It is still not clear how the Trojan spreads, but rogue websites or an infected email attachment are likely culprits. Once a PC has been infected, all data files on the machine using a range of file extensions are encrypted in a zip directory. On clicking on this directory, users are presented with a demand for $300 in return for providing a passphrase to access the files.
Last week, Techworld was contacted by a member of the public who had fallen victim to the Trojan. All data files and backups for his small business had become inaccessible, and he said he had considered paying the $300 being demanded by the criminals. At that stage, it is likely that no anti-virus software could have been guaranteed to detect the Trojan to prevent infection.
E-gold, meanwhile, underlined that it does not wish to be seen as a favoured conduit for racketeering of this kind.
Detailed spend records are maintained by e-gold. In the event we receive a legal request for specific records we will always cooperate with the authorities. e-gold does not condone in this, or any other case, persons attempting to use e-gold to support illegal activity, the spokesman said.