Members, Friends This will soon be making its way from Russia to the US. I know none of you have any of this on your systems but it will lock up your machine anyway. Two things you should do are: 1. Make sure you take a current restore point as we showed you how at recent meetings. 2. Watch out for any web address that end in .ru (Russia) or other strange web address - don't open unless you know who the link is from (and trust that they have scanned the attachment). Don't forget to come to the next meeting, September 21st at 10:00 am. Buzz New ransomware variant uses false child porn accusations By Dancho Danchev | September 14, 2011, 5:54am PDT Summary: Researchers from BitDefender have detected a new ransomware variant currently spreading in the wild. <http://i.zdnet.com/blogs/untitled_0101.png> Description: http://i.zdnet.com/blogs/untitled_0101.png Researchers from BitDefender have detected a new <http://www.malwarecity.com/blog/cyber-extortion-scam-issues-false-child-por n-accusations-1127.html> ransomware variant currently spreading in the wild. Once Trojan.Agent.ARVP locks down the infected PC, it displays a message saying that the PC is locked due to the fact that child pornography was found on the user's system and the fine of 500 rubles must be paid within 12 hours. The Task Manager, Windows Explorer and User Init Logon Application are either killed or overwritten by the trojan in an attempt to prevent users from killing it. The scammers says the user must pay within 12 hours or the "child-porn" case will be forwarded to the local police and all data stored on the personal computer will be blocked or deleted, the operating system uninstalled and the BIOS erased. In reality, the data will still be there and the BIOS will not be affected after the 12-hour deadline passes. But the PC will remain locked. Paying the ransom will not unlock it. In-depth analysis of the malware revealed that there is no way to unlock the PC, so the promise of a code is false. The malware is currently spreading over links distributed over social networks. Users are advised to be extra vigilant when dealing with suspicious links. Kick off your day with ZDNet's <http://nl.zdnet.com/acct_mgmt.sc?brand=zdnet> daily e-mail newsletter. It's the freshest tech news and opinion, served hot. <http://nl.zdnet.com/acct_mgmt.sc?brand=zdnet> Get it. Buzz Brooks buzzbro@xxxxxxxxxxx (520) 572-7363 (H) (520 235-5467 (M)