Security experts have cracked the password needed to retrieve files encrypted by a Trojan horse, dubbed Arhiveus-A, that claimed a number of victims following its appearance on the net last week.

The malware scoops up files in infected users' 'My Documents' folders and packs them in an encrypted file called EncryptedFiles.als.

However, anti-virus analysts at Sophos have disassembled the Arhiveus Trojan and discovered that the password it uses to encrypt data is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw".

So-called ransomware attacks, as practiced by Arhiveus-A, are becoming more common as virus writers turn to sneakier and sneakier activities in order to scrape a living. In March 2006, the Zippo Trojan horse demanded $300 from victims for the safe return of their encrypted data. The Ransom-A Trojan horse threatened to delete compromised files one-by-one until extortion demands were met. ®

Related stories

• Security militia sought to brutalize ransomware virus (6 June 2008)
• Chinese mobile users targeted by Trojan (5 March 2008)
• The return of the ransom-ware Trojan (19 July 2007)
• Contract killer spam scam hits the net (12 January 2007)
• Webmail hijack ruse leads to blackmail (13 December 2006)
• Analysis Targeted Trojan attacks on the rise (15 October 2006)
• Free piracy protection tool 'links to porn' (26 June 2006)
• Trojan forwards details of Oregon taxpayers (19 June 2006)
• PCs to developing world 'fuel malware' (13 June 2006)
• Spam deluge eclipses email virus threat (1 June 2006)
• Infected Windows PC? Just nuke it (5 April 2006)
• Spammers adopt stealth tactics (20 February 2006)
• Worm War II (18 August 2005)
• Zombie bots fuel spyware boom (11 July 2005)