AV developers say about a surge of activity Trojan cryptographers
Dr. Web warned of the growing number of users affected by a Trojan cryptographers. The most widespread malicious program Trojan.Encoder.94. Also very popular Trojan.Encoder.225: only recently for help in restoring the files affected by the actions of the Trojan, anti-virus department Dr. Web addressed more than 160 people.
The Trojans family Trojan.Encoder are malicious programs that encrypt files on the hard disk of the computer and demand money for their decryption. After the files are encrypted, the Trojans family Trojan.Encoder, depending on the version, can be placed on the disc text information files for data recovery or to change the desktop background image showing instructions. Amount required by hackers, can vary from a few dozen to several thousand dollars.
Trojan coders often distributed using malicious spam. For example, Trojan.Encoder.225 can get into the operating system with a message that contains attachments in a document RTF (with the extension. Doc), exploiting the vulnerability of Microsoft Office. By using this exploit is installed on the victim’s computer Trojan downloader, which in turn downloads from the management server Trojan.Encoder. Trojan Trojan.Encoder.94 often downloaded onto the victim’s computer using the backdoor BackDoor.Poison, which, in turn, sent a mass email with an attached file.
In June, 2013 has been a significant surge in the number of cases of infection with malware family Trojan.Encoder, in this case from the last modification Trojan.Encoder.225 affected more than 160 people from Russia and Ukraine seeking assistance to the company. This Trojan is written in Delphi and has three versions. In previous modification Trojan attackers use to communicate e-mail address email@example.com, in the last of the famous – firstname.lastname@example.org. Files encrypted earlier versions Trojan.Encoder.225, indecipherable. Over the means of restoring the files affected by a later modification of the Trojan is currently being worked on.
As for the most common Trojan cypher, Trojan.Encoder.94, he has a record number of modifications – more than 350. Files encrypted versions of most of the Trojan.Encoder.94, indecipherable. Trojan.Encoder.94 victims over the past month were more than 680 people.
In just the last three months of anti-virus department “Dr Web” received about 2,800 complaints from people affected by the infection of the Trojans-cryptographers. Due to the fact that the attackers continually complicate encryption mechanisms, virus analysts have to solve more complex mathematical problems in terms of increasing the flow of requests from victims encoders.