We have detected a new case of RansomWare.
Once the malware infects users and encrypts their files, several “read_me.txt” files are created in the infected system, which warn users that their data files have been encrypted and that they won’t be able to access them unless they pay a ransom of $300.
The email addresses indicated in the message may vary:
The “personal code” may also vary depending on the random value that is used to encrypt the data.
The encrypted files usually begin with the text “GLAMOUR”:
We have managed to access the data of the infected systems and there are 1,108 infected computers.
In addition, on 111 of those machines port 6838 is open, so that the machines act as socket servers.
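The indicators described above (the “read_me.txt” notes, files starting with the text “GLAMOUR”, and a listener on port 6838) can be checked on a suspect host with a short triage script. This is an added example, not code from the original post; it assumes the marker is the ASCII string at offset 0 of the file, and the function names and sample tree are constructed for illustration.

```python
import os
import socket
import tempfile

MAGIC = b"GLAMOUR"          # text the post reports at the start of encrypted files (assumed ASCII, offset 0)
NOTE_NAME = "read_me.txt"   # ransom note file name from the post
PORT = 6838                 # port the post reports open on some infected machines


def scan_tree(root):
    """Walk root; return (encrypted_files, ransom_notes) as sorted path lists."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(MAGIC))
            except OSError:
                continue  # unreadable or locked file: skip, do not abort the sweep
            if head == MAGIC:
                encrypted.append(path)
    return sorted(encrypted), sorted(notes)


def port_listening(host="127.0.0.1", port=PORT, timeout=0.5):
    """Return True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def demo():
    """Run the sweep over a constructed sample tree (not real malware output)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        samples = {"docs/report.doc": MAGIC + b"\x00\x13\x37", "docs/ok.txt": b"plain text",
                   "docs/read_me.txt": b"constructed note", "empty.bin": b""}
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        enc, notes = scan_tree(root)
        return [os.path.relpath(p, root) for p in enc], [os.path.relpath(p, root) for p in notes]


if __name__ == "__main__":
    print(demo(), "port 6838 listening:", port_listening())
```

Because the post says encrypted files only "usually" begin with the marker, an empty result from `scan_tree` does not by itself clear a host.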
The “construction kit” of Trj/Sinowal has been used to create this Trojan.
We have already mentioned this malware family in the eCrime 2007
http://research.pandasoftware.com/blogs/research/archive/2007/03/29/eCrime-2007-Congress.aspx
According to SecureWorks, this “construction kit” is sold for around $1,000.
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&NewsId=3740
This variant has been detected as Trj/Sinowal.FY in the signature file.