25 May New Web virus could lead to lost files, extortion
Security experts are urging Web users to watch out for a new online scam – a virus that security experts say can lock up files on your computer, after which the creator demands $200 for the code to get them back.
Websense Inc. in San Diego first noticed the virus after it hit a client who visited a Web site that had been compromised. The virus used a vulnerability in Microsoft Internet Explorer to get into the user’s computer. The Web site has since been shut down, they said.
A “ransom note” was left behind with the e-mail address of someone who wanted to be paid for the keys. Because this came through the Web, it can be harder to avoid than other types of viruses. E-mail viruses can often be defeated by not opening untrusted e-mails or attachments, but if a hacker takes over a normally trustworthy Web site and uses this kind of malicious code, anyone who browses it with an unpatched Internet Explorer could be affected.
It’s a new use for what is often a security measure. Files can be encrypted so that only someone who knows the passcode or has some sort of digital key can access them, keeping them safe from prying eyes. But in this case, the encryption isn’t voluntary.