Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
TRENDING TODAY
Home > News > Security

September 6th, 2010, 14:18 GMT · By

New Worm Locks Documents with Password

SHARE:

Adjust text size:

Clippo worm sets password to documents
Enlarge picture
Malware researchers from Panda Security warn of a new worm, which locks all documents, presentations or emails found on infected computers with a password.

Dubbed Clippo.A, the worm copies itself as PICTURE.EXE and SOUND.EXE to all folders on the system, as well as to removable drives or network shares where it has write permissions.

Its payload involves dropping a file called FILE.EXE in the root of the C: drive and adding a "load=c:\film.exe" startup registry entry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows.

Most importantly, the worm sets a 721709031350 password to any Word document, PowerPoint presentation or Outlook email it finds.

Malicious programs, that block access to important files or operating system features usually ask for money in order to restore normal functionality.

Such programs are collectively known as ransomware,but this doesn't appear to be the case with this threat.

"[…] The purpose of this worm is not to obtain financial gains but just to annoy users," the Panda Security researchers note.

Clippo stands to show that even though it is a rare occurrence these days, file damaging malware is not extinct.

Today's business-oriented cybercriminal landscape forces malware authors to focus on stealth and information stealing capabilities.

This worm does not follow that direction. It does not present its creators with any monetizing opportunities and does not attempt to fly under the radar; quite the opposite.

The most prominent family of malware which breaks files and is still actively developed is called Sality and is composed of file infecting viruses.

Clippo affects Windows 2003 and XP, as well as previous versions of the operating system that are no longer actively supported by Microsoft.

It can be rendered inactive by manually removing the registry entry and deleting the c:\file.exe file, but a full system scan with a capable and up-to-date antivirus program is highly recommended.

The network shares accessible from an infected computer and all removable storage devices plugged into it should also be scanned.


5,684 hits · 2 comments
Link to this article · Print article · Send to friend

MUST-READ RELATED ARTICLES:


Japanese Virus Writer Arrested for the Second Time
DDoS Worm Starts Damaging Infected Systems
New Virus Damages Legit Files Beyond Repair
Sality Responsible for Most Attacks Targeting the LNK Vulnerability

READER COMMENTS:


Comment #1 by: Joe on 08 Sep 2010, 18:36 UTC reply to this comment

Please clarify this statement: "Most importantly, the worm it sets a 721709031350 password to any Word document, PowerPoint presentation or Outlook email it finds". Did you mean to say that the worm sets a CHARACTER password???

Comment #1.1 by: Lucian Constantin on 09 Sep 2010, 08:15 GMT

According to the information provided by Panda Security, 721709031350 is the exact password this worm sets.

When attempting to open one of the affected files you will be asked to input a password. Use that one.

Copyright © 2001-2013 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2013 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use