Wednesday, March 13, 2013
Encryption Trojan attacks users in Spain and France
In August last year, the company Dr Web reported on the encryption Trojan Trojan.ArchiveLock. This malware encrypts files using the standard WinRAR archiver. To spread the threat, the attackers use brute force to gain access to the victim's computer via RDP. Once connected to the attacked workstation, the cybercriminals launch the Trojan on it. Having obtained control, Trojan.ArchiveLock.20 places its encoder application in one of the system folders.
Trojan.ArchiveLock.20 then creates a list of files to be encrypted, empties the Recycle Bin, and removes the data backups stored on the computer. Using the WinRAR console application, the encoder puts the user files from the predefined list into a password-protected archive, and the source data is destroyed using a special tool, after which recovering the deleted files becomes impossible.
The password that protects the archives can be more than 50 characters long. Trojan.ArchiveLock.20 then shows a message on the screen of the infected computer demanding a payment of 5000 USD for the password needed to extract the files from the archive, and suggests contacting "technical support" at one of the e-mail addresses.
A significant number of users in Spain and France have now been affected by the Trojan: over the past 48 hours, dozens of victims of Trojan.ArchiveLock.20 have contacted "Doctor Web" technical support, and these requests keep coming. Although the attackers' message shown on the screen of the infected computer says that it is impossible to guess the password to the archive because SHA-1 hashing is applied, decryption and file recovery are often possible, as the company Dr Web reported in August 2012.
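The chain described above (RDP password guessing, a successful remote logon, then a console archiver creating password-protected archives) can be hunted for in Windows logs. The following is an added example, not part of the original post or of Dr Web's tooling: the event records are constructed and simplified, the threshold and window are assumptions, and the match on the WinRAR console switches -p / -hp is an assumption about how a password-protected archive would be requested.

```python
import re
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                  # assumption: tune per environment
WINDOW = timedelta(minutes=10)      # assumption: look-back for failed logons
# Console (Win)RAR invoked with -p<password> or -hp<password>.
RAR_PW = re.compile(r"\b(?:win)?rar(?:\.exe)?\b.*\s-h?p\S+", re.I)

# Constructed sample records (simplified fields, not real EVTX output).
# 4625 = failed logon, 4624 = successful logon, 4688 = process creation.
EVENTS = (
    [{"time": f"2013-03-12 02:00:{s:02d}", "host": "WS01", "id": 4625,
      "ip": "203.0.113.7"} for s in range(0, 60, 10)]
    + [
        {"time": "2013-03-12 02:01:30", "host": "WS01", "id": 4624,
         "ip": "203.0.113.7", "logon_type": 10},   # 10 = RemoteInteractive
        {"time": "2013-03-12 02:05:00", "host": "WS01", "id": 4688,
         "cmd": r"C:\tools\rar.exe a -hpCONSTRUCTED docs.rar @list.txt"},
        # Benign host: one mistyped password, ordinary backup archive.
        {"time": "2013-03-12 09:00:00", "host": "WS02", "id": 4625,
         "ip": "198.51.100.5"},
        {"time": "2013-03-12 09:00:20", "host": "WS02", "id": 4624,
         "ip": "198.51.100.5", "logon_type": 10},
        {"time": "2013-03-12 09:10:00", "host": "WS02", "id": 4688,
         "cmd": r"C:\tools\rar.exe a backup.rar C:\data"},
    ]
)

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def find_chains(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return alerts for brute-forced RDP logons and later password archives."""
    fails, suspect, alerts = {}, {}, []
    for e in sorted(events, key=lambda e: parse(e["time"])):
        t, host = parse(e["time"]), e["host"]
        if e["id"] == 4625:
            fails.setdefault((host, e["ip"]), []).append(t)
        elif e["id"] == 4624 and e.get("logon_type") == 10:
            recent = [f for f in fails.get((host, e["ip"]), []) if t - f <= window]
            if len(recent) >= threshold:
                suspect[host] = e["ip"]
                alerts.append(("rdp_bruteforce_success", host, e["ip"]))
        elif e["id"] == 4688 and host in suspect and RAR_PW.search(e["cmd"]):
            alerts.append(("password_archive_after_bruteforce", host, suspect[host]))
    return alerts

if __name__ == "__main__":
    for alert in find_chains(EVENTS):
        print(alert)
```

Event 4688 only carries the command line when process command-line auditing is enabled, so the second alert depends on that setting.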