Secure Science Corporation, in their GPCode Evolution Report, describes the more obscure, previously undocumented traits belonging to the most recent Ransom-based Trojan (known as Glamour). "The code is a modified version of the Prg/Ntos family which was detailed in depth during their Encrypted Malware Analysis in November 2006. While a majority of the functionality has not changed since then, this recent variant is distinctive enough to warrant additional research. In particular, the trojan is now equipped with the ability to encrypt a victim's files on disk. The motive for adding this feature is clearly monetary, as the victim is advised that the files will remain encrypted unless $300 is turned over to the authors, in exchange for a decryption utility." According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan.
Read more about this report on the Secure Science Blog. Access the GPCode Evolution Report here. Secure Science Corporation has also made the source code for the decryptor available here.