November 2, 2009 11:18 AM PST

New Trojan encrypts files but leaves no ransom note

by Elinor Mills

Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee.

Instead, a Web search for terms related to the Trojan horse leads to a company offering a way to remove the malware. The company offering the product used to charge for it but now offers it for free.

Trojan.Ramvicrype uses the RC4 algorithm to encrypt files on systems running Windows 98, 95, XP, Windows Me, Vista, NT, Windows Server 2003 and Windows 2000, according to Symantec's Web site.

Computers with files that have the .vicrypt extension are infected, a Symantec researcher wrote in a blog post this weekend.

A Web search for "vicrypt help" brings up a news release for a company called Exquisys Software Technology Ltd in Mauritius offering a product called Antivicrypt that will "repair and restore" files that are "damaged." Symantec reports that the company charges for the product.

Exquisys could not be reached for comment on Monday, which happens to be a national holiday in that country.

Meanwhile, Symantec is offering a free tool to decrypt the encrypted files.

However, there is a chance that an affected computer will not have access to the Internet to search for any tools, free or otherwise. If a file in the Windows system folder has recently been opened, all the files in the system folder will be encrypted and the user may be unable to access the Internet, Symantec said.

When the Trojan is executed it searches for files in My Documents, Desktop and Application Data\Identities and renames them with a .vicrypt extension. It then looks for links in the Recent folder, renames all the files in the folders those links point to, and encrypts the head section of each file.

It then displays this warning: "Vicrypt error! Please Restart Windows."
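The behaviour described above gives an incident responder one concrete indicator to work with: affected files carry the .vicrypt extension and have their head section encrypted. The following triage script, added here as an illustration and not code from Symantec or CNET, walks a directory tree, lists files carrying that extension, and applies a byte-entropy heuristic to the first 512 bytes of each to estimate whether the head has in fact been overwritten. The entropy threshold, the head size and the sample directory tree are constructed assumptions for the example, not values documented by Symantec.

```python
"""Triage helper for a machine suspected of the .vicrypt file-renaming Trojan.

Added example, not Symantec's or CNET's code. The only indicator taken from the
article is the ".vicrypt" extension; the "encrypted head" test is a constructed
entropy heuristic (high entropy in the first bytes of a file that used to be a
document suggests the head has been overwritten with ciphertext).
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

INDICATOR_EXT = ".vicrypt"   # extension the article reports on affected files
HEAD_BYTES = 512             # size of the file head inspected (assumption)
ENTROPY_THRESHOLD = 7.0      # bits/byte; ordinary text rarely exceeds ~6 (assumption)


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def head_looks_encrypted(path):
    """True when the first HEAD_BYTES of the file have ciphertext-like entropy."""
    with open(path, "rb") as fh:
        head = fh.read(HEAD_BYTES)
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def find_affected_files(root):
    """Return one finding per *.vicrypt file under root, sorted by path.

    Each finding records the renamed path, the name the file had before the
    extension was appended, and whether its head shows high entropy.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(INDICATOR_EXT):
                continue
            p = Path(dirpath) / name
            findings.append({
                "path": str(p),
                "original_name": name[:-len(INDICATOR_EXT)],
                "head_high_entropy": head_looks_encrypted(p),
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(root):
    """Create a constructed directory tree that mimics a hit profile folder."""
    desktop = Path(root) / "Desktop"
    docs = Path(root) / "My Documents"
    desktop.mkdir(parents=True, exist_ok=True)
    docs.mkdir(parents=True, exist_ok=True)
    # Constructed "encrypted" head: every byte value appears equally (entropy 8.0).
    (desktop / "report.doc.vicrypt").write_bytes(bytes(range(256)) * 2)
    # Renamed but head still plain text: low entropy, so the heuristic says "no".
    (docs / "notes.txt.vicrypt").write_bytes(b"plain text " * 60)
    # Untouched file: no indicator extension, must not be reported.
    (docs / "unaffected.txt").write_bytes(b"nothing to see here\n")
    return root


def run_demo():
    """Build the constructed tree in a temp directory and triage it."""
    root = tempfile.mkdtemp(prefix="vicrypt_triage_")
    build_sample_tree(root)
    return find_affected_files(root)


if __name__ == "__main__":
    for finding in run_demo():
        flag = "ENCRYPTED HEAD" if finding["head_high_entropy"] else "head looks plain"
        print(f"{finding['path']}  (was {finding['original_name']})  {flag}")
```

Run it against a mounted image of the affected profile rather than on the live machine; the script only reads, so it does not disturb evidence, and the list of original names tells the user which documents to hand to a decryption tool once one is obtained.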

This shows a screen from a computer infected with the Ramvicrype Trojan, which encrypts data to be held hostage for payment.

(Credit: Symantec)

Correction at 1:28 p.m. PST: This post initially misstated the price of the Antivicrypt software. Exquisys no longer charges for it.

Updated at 12:25 p.m. PST to note that Monday is a holiday in Mauritius.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
by aaanandhismini November 2, 2009 11:43 AM PST
LOL. Windows a bag of hurt. When will people realize there is choice in OS not just in hardware between Dell, HP, Acer, Lenovo and so on.

Open source people.
by gerrrg November 2, 2009 12:13 PM PST
Windows has a lot more software options available. If I was only using one computer for surfing the net and listening to music while doing work on Open Office, I'd love to stick with Linux. Unfortunately, I have software that is only available for the Windows platform, and there is no open source software equivalent.

I blame the open source programmers who haven't created equivalent open source programs to that of Autodesk's products.
by vanwahlgren November 2, 2009 12:29 PM PST
I think that the windows OS may be considered a giant trojan... What do you think..
by Mergatroid Mania November 2, 2009 12:37 PM PST
The basic fact of the matter is that if there were ever a mass movement of people to other operating systems, then all the malware writers would just move their attentions to those operating systems. The only saving grace for non-Windows operating systems is that not enough people are using them to make writing malware for them worthwhile.

That's why all those Mac vs PC Apple ads are so annoying. They only tell part of the story.
by Lerianis3 November 2, 2009 12:38 PM PST
Hey, this could happen on LINUX or OSX, so get off your BS! The only reason this is not happening on OSX and Linux right now is because they are 'also-ran' operating systems that most people DO NOT USE, so there is no 'financial incentive' to attack those OS's.

I've also tried Linux.... it's too 'command-line only' for my tastes, to be blunt. Installing things: command-line. Installing devices: command-line. Need I go on? Until Linux is 'plug-and-play' like Windows, no one outside of techies are going to want to use it.
by snost0rm November 2, 2009 1:50 PM PST
When did you last use Linux? This is 2009. You can easily install software without the command line. And more devices work plug-and-play in Linux than in Windows. Granted, if something doesn't work plug-and-play, a driver is harder to find than the equivalent Windows driver. But on every device I've ever tried (Various sound cards, graphics cards, motherboards, cameras, a Wacom tablet, etc.), it's worked out of the box.

Don't comment on an OS when you last used it five or even three years ago. That's like saying Windows is worthless after only trying Windows 3.1.

And no, this can't happen in Linux, or at least not all of it. Of course, it could easily encrypt your home directory. But it can't touch anyone else's home directories, or any system files. Also, it'd be waaayy harder for it to get executed in the first place - considering AppArmor, executable permissions, and various other countermeasures.

And don't let me hear that market share argument again. Counting servers and mobile devices, Linux is by far the most popular OS in the world.
by Gold_Storm_Mac November 2, 2009 2:30 PM PST
lol...windows plug and play?
by CDubber November 2, 2009 2:55 PM PST
I thought Windows malware was just a myth invented by Apple's "I'm A Mac" ads?

Guess not.

Better update your virus scanners, Winbots.
by Lerianis3 November 2, 2009 6:10 PM PST
When did I last use Linux....... 2 months ago. And it's still TOO COMMAND-LINE ONLY, period and done with! Even as a 'techie' user, I have to say that. To be blunt.... when I plug in a device, I want it to immediately install. When I want to install a program, I don't want to have to worry about 'compiling packages'..... I just want to double-click and RUN!

Linux needs to realize this and stop expecting people who wish to use it to be 'extreme techies'. That's the bottom line here.
I've even RECOMMENDED that some companies go to Linux because they just need internet boxes and e-mail boxes..... and they don't wish to because IF THEY NEED ANYTHING ELSE IN THE FUTURE..... Windows gives them the option of EASILY adding things.
by Lerianis3 November 2, 2009 6:15 PM PST
by CDubber November 2, 2009 2:55 PM PST
I thought Windows malware was just a myth invented by Apple's "I'm A Mac" ads?

Guess not.

Better update your virus scanners, Winbots.
_____________________________

Need I remind you, *******, that Apple says to use antivirus on OSX now? So, malware is not just a problem with Windows.... it's a cross-OS problem.
by baconstang November 2, 2009 7:46 PM PST
Riiiight.
by n3td3v November 2, 2009 11:50 AM PST
Symantec blog:

"Trojan.Ramvicrype does not make a direct demand for cash in return for keys. How are they making their money here? It turns out that entering the term ?vicrypt? into a search engine leads us to a company offering a fix, which of course is a charged service. So, there was a reason for that file extension after all."

The "Antivicrypt" tool from Exquisys is a free download, so there is no money being made. Where is the "charged service"?
by elinormills November 2, 2009 1:32 PM PST
The story has been corrected to reflect the fact that the company used to charge for the software but now offers it for free.
by n3td3v November 2, 2009 1:59 PM PST
@elinormills

by T_Hoff November 2, 2009 12:30 PM PST

The free download is a trial version that will decrypt a maximum of seven (7) files. If you have more files than that, you need to buy the full version for $29.

http://news.cnet.com/8618-27080_3-10388541.html?communityId=2134&targetCommunityId=2134&blogId=245&messageId=8570505&tag=mncol;tback
by ryanoq November 2, 2009 12:07 PM PST
cnet - over the past months every time I read an article it is full of crap. DO YOUR RESEARCH!!
The Antivicrypt tool from Exquisys is free!

Do you have fact checkers or editors?

Stop regurgitating GARBAGE in place of articles.

You guys have really gone down hill.
by stevekurtzjr November 2, 2009 12:13 PM PST
This is rediculous. Just us a mac and don't worry about this crap.
by jackmalocha November 2, 2009 12:18 PM PST
I guess Macs don't have spellcheck?
by razor.rodriguez November 2, 2009 12:28 PM PST
Apparently, you don't have to be literate to own a Mac! What happened? Your Mac spell checker not working?
by Mergatroid Mania November 2, 2009 12:44 PM PST
You'll start worrying about it if Macs ever get anywhere near the number of users that Windows computers have. Since they're off in the sidelines though, the malware writers don't notice them. Consider yourself lucky, and maybe in your own interest you should stop telling people to switch to a Mac.
by Lerianis3 November 2, 2009 12:50 PM PST
The only reason that Macs don't have this 'crap' is because they are still also-ran computers. Once OSX gets more than say....... 15% marketshare, you will see malware for it EXPLODE since according to security researchers it is MORE insecure than Windows XP even!
by Regulator7 November 2, 2009 12:52 PM PST
"us" is a word. The OP needs a grammar checker, not a spell checker. ;-)
by T_Hoff November 2, 2009 1:22 PM PST
@ Regulator7

"rediculous" is not a word.
by Gold_Storm_Mac November 2, 2009 2:32 PM PST
macs have spell checkers...see!
by stickfu November 3, 2009 8:43 AM PST
Things'll be different this time... trust me....
http://www.itpro.co.uk/blogs/daveyw/2009/11/03/80-percent-of-viruses-love-windows-7/
by T_Hoff November 2, 2009 12:30 PM PST
The free download is a trial version that will decrypt a maximum of seven (7) files. If you have more files than that, you need to buy the full version for $29.
by Mergatroid Mania November 2, 2009 12:42 PM PST
I was going to praise Norton, but now that I see how wrong CNET is about most of the article, the praise should go to all the anti-malware companies that provided a free fix.


Once again I have to mention that I agree with ryanoq about CNET not checking their articles/sources/information.

It's pretty bad when a simple check from a user can show the author did not check the facts herself before publishing the article.

CNET, just remove this article. It doesn't even deserve to be here.
by n3td3v November 2, 2009 1:01 PM PST
Exquisys will make far more money suing Symantec for saying they are the same people who have infected folks' computers with a trojan.
by tmarlow November 2, 2009 1:45 PM PST
Am I the only person around that believes the AntiVirus folks are the ones that pay to have the viruses developed? I mean, seriously, who benefits the most from viruses and spamware and the like? AntiVirus and Anti Spamware maker!
Got virus problems? Buy our product! We can keep you virus free. Not saying it's true, but if I were an AntiVirus company, it would be real easy to pad the bottom line by having more and more viruses out there attacking OSes.
by n3td3v November 2, 2009 2:04 PM PST
@tmarlow

Yes, it's been a widespread conspiracy belief for many a year. What raises new conspiracy for me though is the Symantec blog directly blames Exquisys for the initial trojan infection with no evidence of such involvement forthcoming. My conspiracy is, it would be very easy for Symantec to create a phony company called "Exquisys" saying they created the virus then offer an alternative fix.
by Gold_Storm_Mac November 2, 2009 2:33 PM PST
relatively unimportant for many people.
by ilovewindowsnot November 2, 2009 3:01 PM PST
You're wrong, and I am so tired of hearing OS X small market share is the reason for its lack of trojans and viruses. OS 9 had over 20 known viruses with a far less market share than OS X. Just accept that Windows is just not as secure, face it, it's a fact.

Now let's move on folks!
by Lerianis3 November 2, 2009 6:05 PM PST
Actually, I'm RIGHT, according to Secunia! The only reason that OSX has NO trojans and viruses is because of its lack of marketshare. Oh, and also according to Secunia and other security researchers..... Windows Vista and 7 are the most 'secure' OS's out there right now.
by jumpjetta November 2, 2009 8:45 PM PST
Lerianis3: Gee, I'm looking at the Secunia research papers on exploits for 2009 and Microsoft is FAR more the mentioned company than Apple:

http://secunia.com/secunia_research/

In fact, there appear to be two exploits related to Quicktime and, what, 10? related to Microsoft (many not disclosed, so could be Windows 7 for all we know). So, maybe the disclosed ones aren't the operating system, but the other dominant piece of crap they sell, Office.

And fine by me whatever the reason there are no trojans on Mac OS X. I could care less if it's due to lower market share. I'm alright with traveling through life without a huge target painted on my back.
by Dalkorian November 4, 2009 2:36 PM PST
Um, folks ... about the only malware I've seen capable of affecting OS X to date have been trojans. No viruses and no worms, only trojans. Please look up the definition of those words ("computer virus", "computer worm" and "computer trojan") before you make yourselves look even sillier, there are some very important differences you're neglecting.

And I thought there were hundreds of viruses for OS 9, not just 20. Either way it shows that idiotic "market share" argument is never thought through before being regurgitated by the M$ apologist slaves.
by McDaveH November 2, 2009 3:51 PM PST
"The basic fact of the matter is that if there were ever a mass movement of people to other operating systems, then all the malware writers would just move their attentions to those operating systems"

Sorry, there's no evidence for this. More Windows fantasy.

McD
by Lerianis3 November 2, 2009 6:06 PM PST
There is no evidence of this because it hasn't happened yet.... but Secunia and other security researchers AGREE with this, so it's not 'more Windows fantasy'.... it's the bottom line, MF'ing TRUTH.
by stickfu November 3, 2009 8:20 AM PST
Most of the world's internet traffic is directed by/through Unix boxes. So knowing that, Unix has a larger market share in mission critical applications (where the real money is) thus making them a VERY attractive target. I'm not really hearing that many of them are getting taken down by viruses.
by Dalkorian November 4, 2009 2:38 PM PST
stickfu, don't ruin the fantasy for the apologists like that. It's really not very nice, some of them are actually incapable of thinking. I think there's a word for that ...
;-)
by gggg sssss November 2, 2009 3:59 PM PST
problem is that norton has become pretty poor at stopping cr*p like this from getting thru. Time to dump Norton and SAV
by Lerianis3 November 2, 2009 6:03 PM PST
Wrong. The fact is that NO antivirus is good at keeping these things from getting through, because usually the USER THEMSELVES has run the damned thing that does this in admin mode, thereby bypassing Norton's protections.
by lazycat202 November 3, 2009 5:57 AM PST
to all die hard Apple fan out there.

Most servers run linux and linux is in many big corporations. LINUX! oh! Apple didn't tell you that? Sorry to hear! How come hackers break into linux servers and steal our information? You think your aluminum box OSx is secured and bullet-proofed? Think about it! For real. Hackers are not interested in your 13" laptops with an Apple logo on it.
by stickfu November 3, 2009 8:04 AM PST
Learn to write, reading your gibberish gives me a headache, and here's some education (you REALLY need it): OSX is a POSIX compliant OS, I do CLI natively..

http://en.wikipedia.org/wiki/Mac_OS_X

and that doesn't even include X11 or BSD ports.
by tacit November 3, 2009 6:44 AM PST
The silly "viruses are written by antivirus companies" conspiracy theory is only held by people who don't actually understand the underground economy around computer viruses.

Computer viruses, many of which originate in Eastern Europe, are a hugely profitable business venture; some viruses, such a Zlob and Asprox, net millions of dollars per month for Eastern European organized crime.

There are many ways that the virus writers profit. The W32/Zlob virus changes an infected computer's name server settings to name servers controlled by Russian organized crime. This means they can see every Web site you go to, and steer you to any server of their choosing--even if your browser bar says "ebay.com" you can be on whatever server they want. You can not trust anything displayed in your Web browser's address bar when you are infected.

Other viruses install remote control software allowing the computer to be used as a mail relay. The virus writers then sell lists of infected computers to spammers. A very large percentage of spam comes from virus-infected computers.

Some malware is more direct. The phony antivirus malware that Russian organized crime sprays all over the internet pops up phony warnings of fake security threats, then charges the naive and gullible to remove the phony warnings.

Some malware installs keylogging software programmed to remain dormant until the user browses to certain Web sites, such as PayPal or bank Web sites, at which point it comes to life and transmits every Web page and every keyboard press to the virus writers.

Some malware installs remote command and control software on infected computers, which can then be used by the virus writers to create networks of compromised machines that can be used to attack other Web sites. The virus writers rent time on these networks of infected PCs to hackers who use them in extortion scams--"give us money or we'll knock your Web site offline."

Antivirus companies don't need to write viruses. There is plenty of financial incentive to do that already.
by stickfu November 3, 2009 8:22 AM PST
+1
by szilagyic November 3, 2009 10:32 AM PST
As to all of the comments in this thread about security, you should check out the Department of Defense reports that have recently been released on using Linux. They are actually recommending the use of open source and Linux in order to secure against software based attacks. Mainly, I'm sure the goal is to migrate away from Microsoft and avoid the security holes, viruses, spyware, etc.

http://membes.apex-internet.com/sa/windowslinux
by allanregistos November 3, 2009 3:38 PM PST
This is for: People from Windows who said Linux is a commandline only.
This is for: People who says there is no financial incentive for targeting Linux.
This is for: People who don't have a clue of the different architectures of OPERATING SYSTEMS(Windows,OSx,Unix,Linux,Solaris,Etc.)

You cannot say, Linux and Unix is less targeted because there is a little market for it:
That's probably "true", in some occasion, but the truth is it is always harder to target and write a successful trojan or virus for Linux than on Windows because of the design of the OS, this is true to most UNIX-like operating systems, like BSD(OSx), Solaris etc. Example, you can't just double-click an executable file and expect that Linux will execute it. The file needs to be executable first before you can run it. While in Windows, you can double-click it and bam... In WinXP sp2, you will confirm the run dialog box. Also, Linux's default user does not have the capabilities of an Administrator (root). While it is very possible to infect a Linux system with a trojan like vicrypt, it cannot propagate as easily as it does in Windows.
by FF2009 November 3, 2009 3:43 PM PST
reading this type of stories happening to Windows makes me love my Ubuntu even more so than ever.

yeah suckers. You all paid for Crapware infested OS,

LOL
by e_chappuis November 3, 2009 3:51 PM PST
@ stickfu
..."Most of the world's internet traffic is directed by/through Unix boxes. So knowing that, Unix has a larger market share in mission critical applications (where the real money is) thus making them a VERY attractive target. I'm not really hearing that many of them are getting taken down by viruses"...

...I'm not really hearing that many of them are getting taken down by viruses...

Well you won't hear much of that, since they are well protected, much much better than Win....

I'm being sent early warning about Virus attacks and I can assure you all that if a virus does attack a server, the next thing is that you/we won't get it in our machines. Next thing is that they (the server companies) just let flow anything else run freely through and about...

Has anyone thought that if it it is possible for whoever wants it out there, to filter contents, chase IPs, compile data about you/us, find Zillions webzes and articles in a matter of 0,018 sec (Google and+) but can't stop and cut at the root the spread of malware etc. ? Then something is pretty wrong out there...

Yes, it could well be done the same way, using the same powerful technologies to be done with the spread of viruses once and for all... A long tale... Money making again and again...

And of course the botnets, the states themselves, the big companies use us to launch their attacks against each other...

Does anyone think that really really someone has any interest at all to do the job properly when so much power, so much money is involved?

Nuts, it's not about Win versus Macs or Linux. Not at all, nothing but huge interests

Think! Someone wants us to look the wrong way and while we chicken play and pick at each other, they dance and clap their fat *****...

the very same happens in politics. So, Obama is being given a Peace Nobel Prize when he has done nothing and nobody winks!!! He's done nothing, absolutely nothing to create or bring Peace anywhere, but all the contrary, Middle East = back to slot one... Iraq worse than ever... Afghanistan a worse mess and worsening... Africa steadily going down and down... The US + allies giving full support to corrupt governments... No peace at all anywhere but the plundering of the natural resources of these countries go on and on...

And fat ***** clap their fatter and fatter ***** while we discuss his wife's dresses and his lovely kids playing at the White House, how cute, how tender...

Soooooo simple
by Dalkorian November 4, 2009 2:56 PM PST
Dude, I've tried to read your comment. Twice. You aren't making sense. Finish elementary school so you can learn to write in sentences, then think so your sentences can be coherent. Then try again, I'm guessing this will take you 3 or 4 years?
by Ron Geiken November 4, 2009 4:37 PM PST
I would like to hear chapter and verse how this infection happened. Was it downloaded from a web site, or was it delivered by e-mail or was there some other way it came into the computer. These kind of stories are just about WORTHLESS since they give so little information on methods used. For sure, they are of no value to Windows User. At least with swine flu, they tell us to wash our hands and sneeze into our sleeve. It is hard to take seriously any Magazine that would put out such drivel without further information.
by odit-06 November 16, 2009 9:21 AM PST
Ok. I really do not care what O/S you use. The bottom line: NO O/S is secure and free of any bugs. Yes, some more than others, and in fact if one O/S or App has more market share it will also have more security risks and bugs than others. Think about this. If one bank had the market share like the EVIL MS has on the computer market they would also be the largest target for bank robberies, online fraud, etc.... Just like most or all current issues in the world the problem is not what company or organization is at fault, it is with society in general. Wake up world.. PEOPLE are the problem. People choose what O/S they compute with as we have choices and freedom to do this. If you do not like a product then continue not to use it. I do not need to try and get people to approve what I use for an O/S because it does not matter. My best advice for everyone is to take a computer class or two. Learn good computing, not what O/S will protect you better. The other thing to remember: MS and Apple are core marketing companies. They know you have choices so they play whatever card they can to get you to buy or upgrade your computers. Protecting yourself starts by understanding what you are doing and how this affects everyone online. Do not be a puppet of any company. Know what you want, what you are doing and understand the problem is the PERSON behind the computer. I have posted a few links to a few top security issues and patches from the last few weeks from MS, Apple and yes other market leaders.

Microsoft

http://www.computerworld.com/s/article/9140625/Microsoft_plugs_15_holes_including_critical_drive_by_bug Windows, Windows Server, Excel and Word. Windows 7 NOT AFFECTED. (15 Flaws)

Apple

http://news.cnet.com/8301-27080_3-10393728-245.html?tag=mncol;title All Mac OS X (Server and Workstation) (43)

Firefox

http://www.infoworld.com/d/security-central/mozilla-fixes-firefox-crash-bug-428

SMB Threats

http://news.cnet.com/8301-1009_3-10384916-83.html?tag=newsEditorsPicksArea.0 SMB Security breaches.

http://news.cnet.com/8301-1009_3-10385230-83.html?tag=mncol;title

Sun Microsystems and Blackberry

http://news.cnet.com/8301-1009_3-10385230-83.html?tag=mncol;title

http://www.computerworld.com/s/article/9140314/Java_BlackBerry_desktop_get_security_bug_fixes

Adobe

http://www.infoworld.com/d/applications/adobe-patches-critical-bugs-in-shockwave-player-892 Patch to security issues with Shockwave Player.