New Trojan virus on the loose demands ransom

A new kind of malware circulating on the Internet freezes a computer and then asks for a ransom paid through the Western Union Holdings money transfer service.

A sample of the Trojan horse virus was sent Wednesday to Sophos, a security vendor, said Graham Cluley, senior technology consultant. The malware, which Sophos named Troj/Ransom-A, is one of only a few viruses so far that have asked for a ransom in exchange for releasing control of a computer, Cluley said.

The new Trojan falls into a class of viruses described as "ransomware." The schemes had been seen in Russia, but the first one appeared in English just last month.

"It is a new kind of malware with a particularly nasty payload," Cluley said.

It's unclear how the Trojan is being spread, although Sophos is investigating, Cluley said. Viruses can be spread in several ways, including through spam or a so-called drive-by download that exploits a browser vulnerability when a user visits a malicious Web site.

Once run, the Trojan freezes the computer, displaying a message saying files are being deleted every 30 minutes. It then gives instructions on how to send $10.99 via Western Union to free the computer.

Hitting the control, alt and delete keys will not affect the bug, the virus writer warns. Sophos provides further details at http://www.sophos.com/virusinfo/analyses/trojransoma.html.

The virus writer even offers tech support, Cluley said. If the method of unlocking the computer doesn't work after the money is sent, the virus writer promises to research the problem and includes an e-mail address.

Last month, a Trojan emerged that encrypts a user's documents and then leaves a file demanding $300 in exchange for the password to access the information. Victims were instructed to send money to one of 99 accounts run by e-gold, a company that runs a money transfer site.

The password, however, was contained on the infected computer. Sophos cracked it and publicly released it.