Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Alex Lanstein from the FireEye Malware Intelligence Lab revealed that the authors of Vundo have been pushing a piece of malware that encrypts various personal file types such as pdf, doc and jpg on your system, and ‘coincidentally' push a program called FileFix Pro 2009 which would decrypt them for a fee.
Lanstein said: "Although we broke the encryption, it's a sobering realisation of the state of malware that it is now actively extorting users by holding their data ransom. Despite this version of FileFix being trivial to crack, it does not bode well for the future of internet malware."
He explained that Vundo is a generic Trojan that is well known for pushing scareware popups for things such as XPAntiVirus and WinFixer. However in this case it was pushing a popup that ended up being a Trojan, which encrypted all the documents and rendered them unreadable on your system.
On the webpage for the ‘fix' at FileFixPro.com, download options are given which Lanstein revealed use server-side polymorphism (or perhaps a ton of binaries) to give a different executable every time it is downloaded. He said: "I assume this is to aggravate anti-virus detection, which appears to be working."
He explained that a member of the FireEye team wrote a script to decrypt files, and in the coming days a tool will be released that can be downloaded that will decrypt all the affected files on your system.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.