Tuesday, November 3, 2009

New Trojan horse that encrypts files: the .vicrypt file extension

Source: http://news.cnet.com/8301-27080_3-10388541-245.html

Symantec's technical description and removal tool:
http://www.symantec.com/security_response/writeup.jsp?docid=2009-102708-2133-99&tabid=2

There's a new Trojan propagating across the web that encrypts files and changes their extension to .vicrypt. Rather than popup enticements to "offer decryption services" (ransom-ware) to the victim, they are relying on end-users searching for that file extension, in the hopes of landing on the malware authors website, where a tool is being sold.

Now you can get a free removal and decryption tool from Symantec, see link above.

This virus is not yet wide-spread, and hopefully won't become so. But if you see that file extension on your system, you should review the details and get cleaned up.