We recently received reports of a .doc file that have a very nasty macro inside, is being spammed in Russia.
Rest assure that Trend Micro is doing everything possible to speed up the process for our Russian friends and as usual.I will update you on any developments regarding this matter.
Update(Obet, 07 June 2006 18:01:35)
Upon downloading and executing the ransomware, it encrypts files with certain extensions and will render these files unreadable. The ransomware will then drop the file readme.txt in the folder of the hijacked files as its ransom note. The note reads;Some files are coded by RSA method.
To buy decoder mail: firstname.lastname@example.org
with subject: REPLY
Trend Micro detects the .doc file that arrives with the spammed email as W2KM_TORED.A and other trojan that is dropped by the Doc file is detected as TROJ_SMALL.AIT while the ransomware that is being downloaded by this trojan is detected as TROJ_PGPCODER.D.