The Troj/Zippo-A Trojan horse (also known as CryZip) searches for files on innocent users's computers such as Word documents, databases and spreadsheets, and moves them into password-encrypted ZIP files. It then creates another file informing the affected user on how they need to pay 0 to an E-Gold account to recover their data.

"The Zippo Trojan horse is bold as brass, scooping up your valuable data and locking it away until you agree to pay the ransom to the criminals who have "kidnapped" your files. Companies who have made regular backups may be able to recover easily, but less diligent businesses may be in a quandary about whether to cough up the cash," said Graham Cluley, senior technology consultant for Sophos. "In the old days malware was typically written by teenagers who wanted to show off to their mates. Now most of the viruses and Trojan horses we see are being written with the intention of making money from innocent internet users. The attacks are becoming more organized and more malicious, and every computer needs to be properly defended."

Sophos experts who have analysed the Trojan horse have determined the password used to encrypt users' data.

"Experts at Sophos have disassembled the Zippo Trojan and determined that the password it uses to encrypt data is C:\Program Files\Microsoft Visual Studio\VC98," continued Cluley. "So there should be no need for anyone unfortunate enough to have suffered from this ransomware attack to have to pay the reward to the criminals behind it. It looks like this password was deliberately chosen by the Trojan's author in an attempt to fool analysts into thinking it was a directory path instead."

Companies are recommended to protect their email with a consolidated solution to thwart the virus, spyware and spam threats and secure their desktops and servers with automatically updated anti-virus protection.

Source: Sophos (www.sophos.com)