The Ransom-Ware Trojan Returns


By madsuzukibiker


Computer Hijackers at Work

It seems the virus scammers are at it again. According to reports, they are re-using the scam of holding data to ransom on people's computers, targeting them with a new strain of so-called "ransom-ware" Trojan.

It goes by the name of Gpcode-AI (AKA Sinowal-FY) and it encrypts data on targeted machines before demanding money from users to decrypt it. The malware also features backdoor key-logging which steals confidential bank and credit card account details from compromised computers.

Luis Corrons, Technical Director of PandaLabs, explains:

"This Trojan belongs to the Synowal family, traditionally used to steal passwords and banking details. This variant, however, not only does that, but blackmails users by encrypting their data so that they cannot access it."

When Gpcode-AI gets into your system, it encrypts every single document on your hard disk and installs a file called "read_me.txt" containing the scammers' demands. You are asked to pay $300 for a tool to decrypt the files.

The "read_me.txt" file goes like this:

Hello, your files are encrypted with RSA-4096 algorithm (http://en.wikipedia.org/wiki/RSA).

You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.

To buy our software please contact us at: xxxxxxx@xxxxx.com and provide us your personal code -xxxxxxxxx. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.

If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data.

Glamorous team

They claim that if payment isn't received by a set deadline your data will be unrecoverable.

This is a false statement.

It's just a scare tactic designed to rush you into making a payment. The malware doesn't actually have a routine to delete your encrypted data.

The malware uses a complex encryption algorithm to encrypt user files and archives, which makes it impossible for you to open files.

According to an analysis by anti-virus experts at Kaspersky Lab, the Trojan uses a modified version of RC4 - and not RSA-4096 as stated in the text file - to scramble data. The claim that your personal and financial files might be sent to a malicious user is also a lie.

If you are affected by this malware, you are strongly urged not to pay any money to the scammers as this will only encourage further crime. Anti-virus vendors are currently working on ways to both block the malware and restore scrambled data.

For example, Kaspersky Lab analysts have created a decryption routine for encrypted files which will soon be added to its antivirus databases. Various other antivirus vendors are in the process of adding detection for the malware virus with a view to preventing infection in the first place.
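The RC4 point above matters for recovery: RC4 is a symmetric stream cipher, so the same key that scrambled the files is all that is needed to unscramble them, and once a vendor recovers it from a sample, decryption is a re-run of the same routine. The following is an added example to illustrate this, not code from the article or from any vendor's decryptor; the key, file contents and the reused-key assumption are constructed for the demo, and the known-plaintext step shows a general property of stream ciphers rather than a documented detail of Gpcode-AI.

```python
# Added example: textbook RC4 showing (1) encryption and decryption are the
# same operation with the same key, and (2) if a stream-cipher key is reused
# across files, one known file prefix (such as a format header) reveals the
# keystream prefix for every other file. All sample values are constructed.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Key-scheduling algorithm (KSA) followed by the PRGA; returns `length` bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S with the key
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA: emit keystream bytes
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: both are XOR with the keystream, so one function does both."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext recovery of the keystream prefix (assumes the key was reused)."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def decrypt_prefix_with_keystream(ciphertext: bytes, keystream: bytes) -> bytes:
    """Apply a recovered keystream prefix to another file encrypted under the same key."""
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


if __name__ == "__main__":
    key = b"demo-key-embedded-in-sample"      # constructed, not a real key
    doc = b"%PDF-1.4\n%constructed document body"
    enc = rc4_crypt(key, doc)
    assert rc4_crypt(key, enc) == doc         # same key decrypts: symmetric
    ks = recover_keystream(enc, b"%PDF-1.4")  # header is known plaintext
    other = rc4_crypt(key, b"%PDF-1.4\nsecond constructed file")
    print(decrypt_prefix_with_keystream(other, ks))  # b'%PDF-1.4'
```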

This type of data ransom scam is not entirely new. There have been others in the past using the same methods, such as the PGPCoder type. Ransom-A demanded a smaller sum of $10.99 from you, and threatened that a file would be deleted every 30 minutes until you paid up.

Arhiveus-A was another one, but this time they tried to make you buy drugs from an on-line store instead of demanding money directly.

If you don't have an anti-virus program installed on your computer, I strongly recommend you think seriously about getting one. There are loads of programs out there, so you might want to check out Johnathan Prince's reviews of some of the better ones on the market.

Be vigilant
