- Email: [email protected]
Europe hit by cryptoviral extortion
NEWS
VIRUS Europe hit by cryptoviral extortion
Mac virus shipped on magazine cover
Rritish computer security professionals have reported the first known -cases of cryptoviral extortion in Europe. Tiny cryptotrojans have been introduced into at least nine business systems in London, encryl)ting critical banking and record files. The businesses have been conta&ed by hackers demanding up to &I00 000 for the key to the cipher.
has sent out a report an advisory from OxCERT and the UK Government revealing that a Macintosh virus has been shipped on a CD on the cover of the UK magazine MacUser (issue 24 May 1996). The virus is MBDF.A and the infected file is called:
Edward Wilding, of Network Security Management, has assisted half a dozen companies targeted by cryptovirus writers in the past six months. He described the threats as “a growing and dangerous terrorism” and blamed poor security and electronic
form of financial
hygiene for their
succe’#s. Cryptotrojans - the extortionists’ weapon - are a sophisticated form of thal e\,eryday menace, the virus. They are in,serted into a target system in the guise of an ordinary file or data packet and remain harmless until activ;tted within the system to spawn their viral offspring. Unlike normal virusts, cryptoviruses encipher, rather than deleting or overwriting data. Whet-e a robust encryption system is used, the data usually cannot be restored unless the virus writer is persuaded to give up his key. This requirement and the success of virus writers in miniaturizing encryption
code. has led to the extortion threat British businesses now face. Two c,afeguards can help protect against this form of damage.
Complete and ((u-rent backups mean damaged files simple can be reinstalled after the virus is wiped. Alternatively, they can be used to decrypt otherwise irrecoverable data by providing plaintext to be
“Tiny cryptotrojans have been introduced into at least nine business systems in London, encrypting critical banking and record files”
;;;c;~~;;;;~ t;zc;;;;; checks * on key computer ’ personnel can weed out notential extortionists before they have a chance to act. According to Jim Bates, of Computer
i;re;f;; ma;ar;; “f: launched
Scotl,ind Yard’s Computer
internally.
Crimes Unit, who are gathering intelligence on this type of crime, would like affected businesses to come forward, in the six months since the first attack, no business has been willing publii,ly to admit to being a target.
Computer Fraud 81 Security 0 1996 Elsevier Science Ltd
June 1996
irus Bulletin
V following
/VR/AMXDigital Blah Blah Blah, <
QTVR/ > It’s QTVR!
Initial infection of the System file causes a long delay and if the machine is restarted in that time that file will be damaged beyond repair. Once the virus has infected the System file,
“a Macintosh virus has been shipped on a CD on the cover of the UK magazine MacUseP applications will be infected as they are run. MucUser has issued a press release stating that the CD is to be re-pressed without the infected file. Suppliers have been advised to remove the affected disc from the cover of the issue and replace it with a sticker showing a help line number (0800 106019 - UK only) to obtain a copy of the new CD. Virus Bulletin advises the destruction of the CD if possible. A freeware Macintosh anti-virus program which will deal with an infection form this virus is John Norstad’s Disinfectant and this is available through ftp://ftp.acns.nwu.edu/pub/disinfectantl.
3
VIRUS Europe hit by cryptoviral extortion
Mac virus shipped on magazine cover
Rritish computer security professionals have reported the first known -cases of cryptoviral extortion in Europe. Tiny cryptotrojans have been introduced into at least nine business systems in London, encryl)ting critical banking and record files. The businesses have been conta&ed by hackers demanding up to &I00 000 for the key to the cipher.
has sent out a report an advisory from OxCERT and the UK Government revealing that a Macintosh virus has been shipped on a CD on the cover of the UK magazine MacUser (issue 24 May 1996). The virus is MBDF.A and the infected file is called:
Edward Wilding, of Network Security Management, has assisted half a dozen companies targeted by cryptovirus writers in the past six months. He described the threats as “a growing and dangerous terrorism” and blamed poor security and electronic
form of financial
hygiene for their
succe’#s. Cryptotrojans - the extortionists’ weapon - are a sophisticated form of thal e\,eryday menace, the virus. They are in,serted into a target system in the guise of an ordinary file or data packet and remain harmless until activ;tted within the system to spawn their viral offspring. Unlike normal virusts, cryptoviruses encipher, rather than deleting or overwriting data. Whet-e a robust encryption system is used, the data usually cannot be restored unless the virus writer is persuaded to give up his key. This requirement and the success of virus writers in miniaturizing encryption
code. has led to the extortion threat British businesses now face. Two c,afeguards can help protect against this form of damage.
Complete and ((u-rent backups mean damaged files simple can be reinstalled after the virus is wiped. Alternatively, they can be used to decrypt otherwise irrecoverable data by providing plaintext to be
“Tiny cryptotrojans have been introduced into at least nine business systems in London, encrypting critical banking and record files”
;;;c;~~;;;;~ t;zc;;;;; checks * on key computer ’ personnel can weed out notential extortionists before they have a chance to act. According to Jim Bates, of Computer
i;re;f;; ma;ar;; “f: launched
Scotl,ind Yard’s Computer
internally.
Crimes Unit, who are gathering intelligence on this type of crime, would like affected businesses to come forward, in the six months since the first attack, no business has been willing publii,ly to admit to being a target.
Computer Fraud 81 Security 0 1996 Elsevier Science Ltd
June 1996
irus Bulletin
V following
/VR/AMXDigital Blah Blah Blah, <
QTVR/ > It’s QTVR!
Initial infection of the System file causes a long delay and if the machine is restarted in that time that file will be damaged beyond repair. Once the virus has infected the System file,
“a Macintosh virus has been shipped on a CD on the cover of the UK magazine MacUseP applications will be infected as they are run. MucUser has issued a press release stating that the CD is to be re-pressed without the infected file. Suppliers have been advised to remove the affected disc from the cover of the issue and replace it with a sticker showing a help line number (0800 106019 - UK only) to obtain a copy of the new CD. Virus Bulletin advises the destruction of the CD if possible. A freeware Macintosh anti-virus program which will deal with an infection form this virus is John Norstad’s Disinfectant and this is available through ftp://ftp.acns.nwu.edu/pub/disinfectantl.
3