TR/Zippo.10 - Trojan

Vedi anche

In breve

Descrizione completa

Statistiche

Nome del virus:	TR/Zippo.10
Scoperto:	17/03/2006
Tipo:	Trojan
In circolazione (ITW):	Si
Numero delle infezioni segnalate:	Basso
Potenziale di propagazione:	Basso
Potenziale di danni:	Basso
File statico:	Si
Dimensione del file:	1.191.936 Byte
Somma di controllo MD5:	86a48836bced8c4a0B59fca972800890
Versione VDF:	6.34.00.56

Generale Metodo di propagazione:
   • Nessuna propria procedura di propagazione

Alias:
   • Symantec: Trojan.Cryzip
   • Mcafee: CryZip
   • Kaspersky: Trojan.Win32.Cryzip.a
   • TrendMicro: TROJ_CRYZIP.A
   • F-Secure: Trojan.Win32.Cryzip.a
   • Sophos: Troj/Zippo-A
   • Panda: Trj/Cryzip.A
   • Eset: Win32/Cryzip.A
   • Bitdefender: Win32.Zippo.10

Precedentemente individuato come:
   • W32/Zippo.10

File Archiviazione:
Crea degli archivi e vi deposita i file.

Viene ricercata la seguente directory:
   • %tutte le directory%

Mentre le directory contenenti una delle seguenti stringhe non vengono prese in considerazione:
   • SYSTEM
   • SYSTEM32

Occorre fare attenzione ai seguenti tipi di file:
   • *.arh; *.asm; *.arj; *.bas; *.cdr; *.cgi; *.chm; *.cpp; *.db; *.db1;
      *.db2; *.dbf; *.dbt; *.dbx; *.doc; *.dpr; *.dsw; *.frm; *.frt; *.frx;
      *.gtd; *.gz; *.gzip; *.jpg; *.key; *.kwm; *.lst; *.man; *.mdb; *.mmf;
      *.mo; *.old; *.p12; *.pas; *.pak; *.pdf; *.pgp; *.pl; *.pwl; *.pwm;
      *.rar; *.rtf; *.safe; *.tar; *.txt; *.xls; *.xml; *.zip

Il nome file dell'archivio è il seguente:
   • %nome file originale%_CRYPT_.ZIP

La password dell'archivio è la seguente:
   • C:\Program Files\Microsoft Visual Studio\VC98

In seguito viene eliminato il file originale.

Vengono creati i seguenti file:

– %tutte le directory%\AUTO_ZIP_REPORT.TXT Questo è un file di testo “non maligno” con il seguente contenuto:
   • OUR E-GOLD ACCOUNT: %numero%

     INSTRUCTIONS HOW TO GET YUOR FILES BACK
     READ CAREFULLY. IF YOU DO NOT UNDERSTAND, READ AGAIN.

     This is automated report generated by auto archiving software.

     Your computer catched our software while browsing illigal porn
     pages, all your documents, text files, databases was archived
     with long enought password.

     You can not guess the password for your archived files - password
     lenght is more then 10 symbols that makes all password recovery
     programs fail to bruteforce it (guess password by trying all
     possible combinations).

     Do not try to search for a program what encrypted your information - it
     is simply do not exists in your hard disk anymore.
     If you really care about documents and information in encrypted files
     you can pay using electonic currency $300.
     Reporting to police about a case will not help you, they do not know
     password. Reporting somewhere about our e-gold account will not help
     you to restore files. This is your only way to get yours files back.

     ------------------------------

     How to pay to get your information back.

     1. click on this link to open your free e-gold account - the first
      screen is the e-gold "terms and conditions" page. You need to
      agree to these by clicking on the "I AGREE" button on the bottom
      on the page.
     2. On the next page is the sign up form:
      1. "Account name" - here is where you name your account - tip:
      make it easy to remember (as you will be asked for it) and
      reasonably short, example, "John's e-gold", "My Money e-gold"
      or perhaps "Felix" (whatever you like, just make it easy for
      you to remember it).
      2. "User Name" - here just repeat the account name (from 1 above).
      3. "Point of Contact" - this is where you put our name, address,
      phone number and email address (any email address can be used
      here but it is recommended you use your ISP address - not a
      free hotmail, etc address).
      It is also recommended your also include a fax number
      (don't have a fax number? This company offers free fax to email
      services). Try and make it as easy as possible for e-gold to contact you.
      4. "Passphrase" - this is the most important piece of information
      connected to any e-gold account. We can not stress enough how
      important it is that your passphrase is kept safe and secure.
      5. "Turing Number Entry" - type the 6 numbers you see there into the input
      box below.
      6. The last step click "Open"

     On the next page it will tell you that your e-gold account number has been emailed to you.

     check your email - you can expect to wait up to 5 minutes for your account number
     to arrive. If it does not arrive after 5 minutes then that means the email address
     you supplied was incorrect and you will have to open another new account (go through
     and repeat what you just did above again).

     To buy e-gold to your account please use official exchange services
     http://www.me-gold.com/
     http://www.goldex.net/
     http://usece.com/

     or try to search own way with
     http://gold-pages.net/e-Gold__1MDC__Pecunix_Wizard_Links/Purchase_E-gold/index.html
     http://www.google.com/search?hl=en&q=buy+e-gold&btnG=Google+Search

     FINALLY when you bought e-gold you have to transfer $300 to our e-gold account.
     In next 24 hours you will recieve $1 back to your account. Transfer details
     of this $1 transfer will have a link to software that will automatically
     unzip all your files back to normal state.

     Next day login to your account https://www.e-gold.com/acct/login.html,
     press History and press submit, you will see LINK TO UNZIP-software.

     Remember you are just $300 away from your files

Dettagli del file Linguaggio di programmazione:
Il malware è stato scritto in MS Visual C++.

Per la descrizione "in breve" clicca qui.

Descrizione inserita da Andrei Gherman il Fri, 17 Mar 2006 15:18 (GMT+1)
Descrizione aggiornata da Alexander Vukcevic il Wed, 29 Mar 2006 15:36 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« Indietro