New Worm Locks Documents with Password

[SUPERIOR]

Quote:

Malware researchers from Panda Security warn of a new worm, which locks all documents, presentations or emails found on infected computers with a password.

Dubbed Clippo.A, the worm copies itself as PICTURE.EXE and SOUND.EXE to all folders on the system, as well as to removable drives or network shares where it has write permissions.

full story

[funkydude]

Hardly call this new, but ok.

[SUPERIOR]

Quote:

Originally Posted by funkydude

Hardly call this new, but ok.

actually, never heard about any malware does the same thing i mean lock any kind of files .... its just puzzling why worm would lock documents..then doesnt lead to some ransomewares? they say it's just for annoying...
but as to their analyzing, i guess it's just skiddie worm...first it supports old version of windows not latest ones(like vista or seven)
second its way of propagation seems like simple
third, password long but only numbers ..which makes it more easily be bruteforced

the only thing i find interesting is "locking documents" as it's new symptom for me

but i was wondering, if file was set to "read only" does it have the ability to lock it? or thats impossible ?

[funkydude]

Searching ransom @ MMPC reveals a few of many types of variants that do this. For example, the search failed to bring up this from 2009: https://www.microsoft.com/security/p...Win32/Gpcode.H

It is very scary indeed

[SUPERIOR]

Quote:

Originally Posted by funkydude

Searching ransom @ MMPC reveals a few of many types of variants that do this. For example, the search failed to bring up this from 2009: https://www.microsoft.com/security/p...Win32/Gpcode.H

It is very scary indeed

ooh...thanks alot for the info and links...actually never heard them before
so that worm has nothing new at all...then i am wondering why great company like panda would take this seriously

btw, do you know a good source to get samples of ransom trojans? or if you can pm me with links

Thanks in advance

From the article:

Quote:

Clippo affects Windows 2003 and XP, as well as previous versions of the operating system that are no longer actively supported by Microsoft.

[funkydude]

Quote:

Originally Posted by SUPERIOR

so that worm has nothing new at all...then i am wondering why great company like panda would take this seriously

One would hope that AV companies take all malware threats seriously ^^

But if you want my opinion of it, AV companies sometimes like to race to be "first" to document a new threat. This generally increases sales/awareness of product as the articles are technically advertising the product company writing it.

If you want to go further there are sometimes users that actively switch AV product because they are told AV product X detects new threat Y, but I don't think that's a very common thing.

[SUPERIOR]

Quote:

Originally Posted by funkydude

But if you want my opinion of it, AV companies sometimes like to race to be "first" to document a new threat. This generally increases sales/awareness of product as the articles are technically advertising the product company writing it.

very true, maybe they dont like but they have to
PS : i havent tried panda for long time, panda can fix this infection, i mean delete the password from infected files? anyone have an idea?