'Ransomware' extorts payment with phone call
Pay $35 by dialing a 900 number, or forget using the PC, says researcher
Computerworld - New "ransomware" that locks up a person's PC and demands $35 to return control to its user is on the prowl, a security researcher said this week.
The extortionists tell victims of the Delf.ctk Trojan horse to dial a 900 number, said Alex Eckelberry, CEO of Sunbelt Software Distribution Inc., a Clearwater, Fla.-based security developer. That number can be traced to "passwordtwoenter.com," a payment processor also used by hardcore pornography Web sites to charge for access to their content, added Eckelberry.
Users infected with the Trojan horse see a full-screen message posing as an error generated by Windows, according to screenshots posted by Eckelberry on the Sunbelt company blog on Monday. "ERROR: Browser Security and Antiadware [sic] Software component license exprited [sic]," the message reads. "Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows [sic] and threatens with infection of your computer by harmful viruses, adware, spyware, etc."
The bogus update window includes a "Click to activate new license" button that in turn brings up another screen, this one telling U.S. users to dial a 900 telephone number and enter a personal identification number (PIN). If the 900 number doesn't work, the page instructs users to dial alternate numbers -- one in the West African nation of Cameroon, the other a satellite telephone number.
"You're completely locked out of the system" after the Delf.ctk Trojan horse installs and runs, said Eckelberry. The only way to regain control is to pay up by dialing.
A search on Google for the 900 number returns results pointing to passwordtwoenter.com, a Web site registered to Global Voice SA, a company based in the Republic of Seychelles, an island nation in the Indian Ocean. The IP address used by passwordtwoenter.com is shared with similar domains, including "pintoenter.com" and "chargemyphonebill.com," which are also registered to Global Voice.
Global Voice did not respond to e-mail sent to the address listed in the domain registration information for passwordtwoenter.com.
Ransomware, a term used to describe malware that tries to extort money from users after an infection -- usually to return access to suddenly encrypted files -- is rare, but not unknown. The last outbreak of any note was in July 2007, when another Trojan horse, dubbed "GpCode," demanded $300 to unlock frozen files.