A new form of Trojan holds your files to ransom (according to http://news.zdnet.com/2100-1009_22-6066636.html). Not having files of value >= 10p, this doesn’t exactly put me in a flap. But, as I am fair game for getting almost any malware, I could still find myself horribly inconvenienced.

According to zdnet, this is the third such attack in about a year. There are lots of details about the new Trojan attack on Sophos. (http://www.sophos.com/pressoffice/news/articles/2006/04/ransom.html) Its characteristics include a seemingly modest $10.99 ransom demand, together with a pretty unreasonable demand to pay within 30 minutes, which must be unmeetable unless you live in a Western Union office. Oddly the messages don’t inpire much trust in the promise that paying up will halt the trojan, as the message provides a Yahoo email address for you to contact if the removal code doesn’t work.

The basic design flaw in all this from the criminal’s viewpoint must be the same problem faced by all extortionists – picking up the cash. Western Union may be international, but it is not anonymous. There can’t be a Western Union office in the developed world that isn’t covered by the currently ubiquitous cameras. A huge influx of $10.99 Western Union orders to one office would be its own trail anyway, unless, there is a computer wizard isomewhere so bored that they would bother to write and propagate a Trojan for $10.99. In which case, they could probaly get away with it but might be better advised to get a more profitable line of work.