Trojan horse: Your money or your files

Newly discovered Trojan horse threatens to delete files if victim doesn't pay $10.99 for code to disarm the malicious software.

Joris Evers, Staff Writer, CNET News.com
In another example of "ransomware," a new Trojan horse threatens to delete files unless the victim pays up, security experts have warned.

When activated, the Trojan horse, dubbed Ransom-A by antivirus company Sophos, displays some explicit images. It then shows an expletive-laden message demanding a $10.99 payment and threatening to delete one file every 30 minutes until the victim pays, security experts at SophosLabs said in a statement published Friday.

"This Trojan horse is designed to take your data hostage and tries to scare users into paying up quickly by threatening to wipe files one-by-one," Graham Cluley, senior technology consultant at Sophos, said in the statement.

The Trojan asks for payment via the Western Union money transfer service and promises delivery of a special disarming code after the ransom is paid, Sophos said.

This is the second example of malicious software that seeks to extort money in as many months. In March, a Trojan horse that encrypts victims' files and demands a $300 payment to have them decrypted and unlocked made the rounds. A similar attack was spotted in May of last year.

"Our concern is that this may be the beginning of a growing trend of malware designed to extort money," Cluley said.

Sophos recommends that people make backups of their data and run updated security software for protection against pests such as these ransom-demanding Trojans. As a general rule, Internet users should be cautious when opening e-mail attachments and surfing untrusted Web sites.