The Russian anti-virus vendor Doctor Web has issued a warning about a new Trojan that can, potentially, delete every single file and folder on a compromised computer.
(If you don’t already know what a Trojan is, then check out this post : What Exactly Is A Trojan?)
The new Trojan has an appropriate name – Trojan.KillFiles.904 and has been confirmed in the wild since the beginning of this month.
If you are unfortunate enough to be infected with Trojan.KillFiles.904 then all of your files and data are at serious risk.
The Trojan will search all drives on your system, both internal and external, and including small devices such as USB sticks and flash memory cards.
Trojan.KillFiles.904 will search for drives in reverse logical order, i.e. it will look for drive Z: first and A: last.
Whenever it finds a drive it will attempt to remove all files and folders contained on it, whether they are visible or hidden.
Talking of hidden files, if the Trojan cannot delete a file for some reason, such as the fact that it may be currently in use, then it will assign the ‘hidden’ attribute to it, making it inconvenient at best for a user to then find it.
The only files and folders that the Trojan will leave untouched are Windows system files whiich mean that you could actually continue to use your computer as normally whilst being blissfully unaware of what was happening in the background.
The KillFiles.904 Trojan is therefore quite unique because it doesn’t attempt to steal personal data or lead to any kind of extortion from the programmer.
Instead it is designed with the singular purpose of destroying any system it finds its way onto.
Nasty!
As ever, having a good anti-virus program installed is a great way of avoiding such a devastating attack but I would also urge anyone who has large amounts of important information on their computer to back it up on a regular basis, just in case.
You May Also Be Interested In :
Article by Lee Munson
Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
Lee has written 2880 awesome articles for us at Security FAQs
{ 7 comments… read them below or add one }
No, it’s not a good question. It’s a stupid question. A file — encrypted or not — is a file. It will be deleted.
Though it probably sounds like idle speculation and paranoia, a very reasonable and viable explanation for the amount of time and effort placed into such seemingly pointless creations is that it is for the benefit of the anti-virus industry. The more dangerous the virus the more paranoia it can instill, encouraging profit and thus active development within the AV industry. One could go so far as to suspect that a larger portion of new viruses come from anti-virus companies themselves than from tech-savvy teens with nothing to gain. Aside from that, there have been many cases in the past of proficient and notorious virus writers being hired by large software firms, including some specializing in digital security no doubt. Paranoia perhaps, but paranoia based in logic.
What about encrypted files such as with true crypt?
Who knows what motivates someone to create such a Trojan – boredom, misspent youth perhaps?
WTF would people create this shit for? Fucking idiot trolls.
Yeah, it should delete those as well. This trojan isn’t out to farm data (in which case, your encrypted files should not be able to be accessed), just destroy files. Encryption won’t keep files from being erased.
Well the files are encrypted, but not necessarily read/write protected.
Thats a good question, but my assumption is that it would be gone like the rest of your files
{ 7 trackbacks }