New Worm Locks Documents with Password

[Starbuck]

Malware researchers from Panda Security warn of a new worm, which locks all documents, presentations or emails found on infected computers with a password.

 

Dubbed Clippo.A, the worm copies itself as PICTURE.EXE and SOUND.EXE to all folders on the system, as well as to removable drives or network shares where it has write permissions.

 

Its payload involves dropping a file called FILE.EXE in the root of the C: drive and adding a "load=c:\film.exe" startup registry entry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows.

 

Most importantly, the worm it sets a 721709031350 password to any Word document, PowerPoint presentation or Outlook email it finds.

 

Malicious programs, that block access to important files or operating system features usually ask for money in order to restore normal functionality.

 

Such programs are collectively known as ransomware,but this doesn't appear to be the case with this threat.

 

"[…] The purpose of this worm is not to obtain financial gains but just to annoy users," the Panda Security researchers note.

 

Clippo stands to show that even though it is a rare occurrence these days, file damaging malware is not extinct.

 

Clippo affects Windows 2003 and XP, as well as previous versions of the operating system that are no longer actively supported by Microsoft.

 

It can be rendered inactive by manually removing the registry entry and deleting the c:\file.exe file, but a full system scan with a capable and up-to-date antivirus program is highly recommended.

 

The network shares accessible from an infected computer and all removable storage devices plugged into it should also be scanned.

 

 

Source:

New Worm Locks Documents with Password - Softpedia

[ErikAlbert]

Anti-Executable will kill these .EXE-files immediately in my winXP-system, while my reboot will undo any change on my partition-C and that will be the end of this miserable Clippo-worm and I won't even notice it.