FYI...
Drive-by ransomware ...
- http://nakedsecurity.sophos.com/2010...k-demands-120/
November 26, 2010 - "... new ransomware attack that appears to have hit computer users via a drive-by vulnerability on compromised websites. Malicious hackers are spreading the ransomware, which encrypts media and Office files on victims' computers, in an attempt to extort $120... The attack, which Sophos detects as Troj/Ransom-U*, changes your Windows desktop wallpaper to deliver the first part of the ransom message... Users have reported to us that they have received the attack via a malicious PDF which downloads and installs the ransomware. Sophos detects the PDF as Troj/PDFJS-ML**..."
* http://www.sophos.com/security/analy...ojransomu.html
** http://www.sophos.com/security/analy...ojpdfjsml.html
- http://www.theregister.co.uk/2010/11...rojan_returns/
30 November 2010
___
MBR Ransomware
- http://www.securelist.com/en/blog/20...MBR_Ransomware
November 29, 2010 - "... just discovered a malware which overwrites the master boot record (MBR) and demands a ransom...
UPD2: Do not use 'fixmbr' utility in case you are infected with this trojan because it will not restore your partition table and you won't be able to boot your OS. If you are infected and passwords are invalid, plug in your hard drive to a working computer and use this free tool* which will restore your MBR."
* http://support.kaspersky.com/viruses...ol2010?level=2
Oficla downloads MBR Ransomware
- http://techblog.avira.com/2010/12/01...ransomware/en/
December 1, 2010 - "... victims which are infected can use the password “aaaaaaciip” which will restore the original MBR and Windows will start again. Avira detects the malware as TR/Ransom.Seftad.A. The malicious boot sector is detected as “BOO/Seftad.A”..."
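
The Securelist warning above turns on whether the partition table in sector 0 survived the overwrite. The following read-only triage check for a 512-byte dump of sector 0, taken with the disk attached to a working computer, is an added example and not part of the original post or of any vendor tool. The sample sectors are constructed for illustration and do not reproduce the trojan's actual layout; the function names are hypothetical.

```python
import struct

TABLE_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"         # bytes 510-511 of a classic MBR
ENTRY = struct.Struct("<B3xB3xII")  # status, type, start LBA, sector count

def parse_partition_table(sector):
    """Return the non-empty partition entries of a 512-byte sector 0 dump."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot: TABLE_OFFSET + 16 * (slot + 1)]
        if raw != bytes(16):   # all-zero slot means unused
            status, ptype, lba, count = ENTRY.unpack(raw)
            entries.append({"slot": slot, "status": status, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries

def assess_mbr(sector):
    """Classify the dump: ok, no-signature, no-partitions or bad-entries."""
    entries = parse_partition_table(sector)
    if sector[510:512] != BOOT_SIG:
        return "no-signature"
    if not entries:
        return "no-partitions"  # rewriting boot code alone cannot fix this
    spans = []
    for e in entries:
        if (e["status"] not in (0x00, 0x80) or e["type"] == 0
                or e["lba_start"] == 0 or e["sectors"] == 0):
            return "bad-entries"
        spans.append((e["lba_start"], e["lba_start"] + e["sectors"]))
    spans.sort()
    if any(end > start for (_, end), (start, _) in zip(spans, spans[1:])):
        return "bad-entries"    # primary partitions must not overlap
    return "ok"

def build_sector(boot_code, entries, signature=BOOT_SIG):
    """Assemble a constructed 512-byte sector for the samples below."""
    table = b"".join(entries).ljust(64, b"\x00")
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + signature

# Constructed samples: placeholder boot code, one NTFS entry vs. an empty table.
NTFS_ENTRY = ENTRY.pack(0x80, 0x07, 2048, 409600)
HEALTHY = build_sector(b"\x90" * 8, [NTFS_ENTRY])
OVERWRITTEN = build_sector(b"\x90" * 8, [])

if __name__ == "__main__":
    print(assess_mbr(HEALTHY), assess_mbr(OVERWRITTEN))
```
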