The Russian anti-virus vendor Doctor Web has issued a warning about a new Trojan that can, potentially, delete every single file and folder on a compromised computer.
(If you don’t already know what a Trojan is, then check out this post : What Exactly Is A Trojan?)
The new Trojan has an appropriate name – Trojan.KillFiles.904 and has been confirmed in the wild since the beginning of this month.
If you are unfortunate enough to be infected with Trojan.KillFiles.904 then all of your files and data are at serious risk.
The Trojan will search all drives on your system, both internal and external, and including small devices such as USB sticks and flash memory cards.
Trojan.KillFiles.904 will search for drives in reverse logical order, i.e. it will look for drive Z: first and A: last.
Whenever it finds a drive it will attempt to remove all files and folders contained on it, whether they are visible or hidden.
Talking of hidden files, if the Trojan cannot delete a file for some reason, such as the fact that it may be currently in use, then it will assign the ‘hidden’ attribute to it, making it inconvenient at best for a user to then find it.
The only files and folders that the Trojan will leave untouched are Windows system files whiich mean that you could actually continue to use your computer as normally whilst being blissfully unaware of what was happening in the background.
The KillFiles.904 Trojan is therefore quite unique because it doesn’t attempt to steal personal data or lead to any kind of extortion from the programmer.
Instead it is designed with the singular purpose of destroying any system it finds its way onto.
As ever, having a good anti-virus program installed is a great way of avoiding such a devastating attack but I would also urge anyone who has large amounts of important information on their computer to back it up on a regular basis, just in case.