FireEye, Inc., the leader in global anti-malware and anti-botnet protection, announced today that it has developed a free Web service for victims of the Vundo FileFix Pro extortion scheme. The FireEye Malware Intelligence Lab discovered that Vundo has undergone an evolutionary shift in business model. Beyond tricking users into downloading a fake antivirus program, Vundo now encrypts victims’ files, denying access to them unless the victim pays a fee for a program called FileFix Professional, which decrypts the files. Vundo’s new ransomware functionality locks the user out of every important file in the “My Documents” folder, from Microsoft Office documents to Adobe PDF files, until the victim agrees to pay a $60 ransom demand.

“It’s really sobering to see cyber criminals use stealth malware on a massive scale to hold data ransom,” said Alex Lanstein, senior security researcher at FireEye. “We were all fortunate this version of Vundo used a basic level of encryption, but it serves as a sinister omen for future malware tactics to come.”

Vundo is a generic Trojan that is well known for pushing Web pop-ups that fool victims into thinking they have malware on their PC. Vundo offers to clean up the non-existent malware by selling rogue applications such as XpAntiVirus and WinFixer (so-called ‘scareware’). In the current campaign, Vundo’s criminal operators have escalated the attacks on victims by pushing a new piece of Web-based malware that encrypts victims’ documents, rendering them unreadable by the original PC applications. FileFix Pro is then offered to ‘fix’ the files (so-called ‘ransomware’). The FileFix Pro application can be installed as a trial version or as a full, licensed version once purchased.

By analyzing victims’ encrypted files and the trial version of FileFix Pro, FireEye has developed a decryption tool for victims of the Vundo extortion attempt. Victims can decrypt (unscramble) their files using FireEye’s free Web-based service at https://filefix.fireeye.com. Local decryption tools are also available. More details about the attack and the available tools are on the FireEye Malware Intelligence Lab’s blog, http://blog.fireeye.com/

About FireEye, Inc.

FireEye, Inc. is the leader in anti-malware and anti-botnet protection, enabling organizations to protect critical intellectual property, computing resources, and network infrastructure against Web malware and botnet infiltration. Today’s most damaging attacks are perpetrated through Web malware that forms into highly organized botnets, or networks of remotely controlled, compromised machines. FireEye delivers a complete solution that is designed from the ground up to detect and protect organizations from advanced Web malware and botnets through global and local intelligence and analysis. The company is backed by Sequoia Capital, Norwest Venture Partners, JAFCO, SVB Capital, DAG Ventures, and Juniper Networks. For more information, contact (408) 321-6300 or email: info {at} fireeye(.)com. Visit us at www.FireEye.com.

Contacts

Loughlin/Michaels Group
Michael Kellner, 408-370-5232
Fax: 408-370-5227
Senior Client Relations Manager
Email: michael {at} lmgpr(.)com
or
FireEye, Inc.
Phillip Lin, 408-321-6300
Fax: 408-321-9818
Director of Marketing
Email: plin {at} fireeye(.)com
