'Ransomware' extorts payment with phone call
Pay $35 by dialing a 900 number, or forget using the PC, says researcher
Computerworld - New "ransomware" that locks up a person's PC and demands $35 to return control to its user is on the prowl, a security researcher said this week.
The extortionists tell victims of the Delf.ctk Trojan horse to dial a 900 number, said Alex Eckelberry, CEO of Sunbelt Software Distribution Inc., a Clearwater, Fla.-based security developer. That number can be traced to "passwordtwoenter.com," a payment processor also used by hardcore pornography Web sites to charge for access to their content, added Eckelberry.
Users infected with the Trojan horse see a full-screen message posing as an error generated by Windows, according to screenshots posted by Eckelberry on the Sunbelt company blog on Monday. "ERROR: Browser Security and Antiadware [sic] Software component license exprited [sic]," the message reads. "Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows (sic) and threatens with infection of your computer by harmful viruses, adware, spyware, etc."
The bogus update window includes a "Click to activate new license" button that in turn brings up another screen, this one telling U.S. users to dial a 900 telephone number and enter a personal identification number (PIN). If the 900 number doesn't work, the page instructs users to dial alternate numbers -- one in the West African nation of Cameroon, the other a satellite telephone number.
"You're completely locked out of the system" after the Delf.ctk Trojan horse installs and runs, said Eckelberry. The only way to regain control is to pay up by dialing.
A search on Google for the 900 number returns results pointing to passwordtwoenter.com, a Web site registered to Global Voice SA, a company based in the Republic of Seychelles, an island nation in the Indian Ocean. The IP address used by passwordtwoenter.com is shared with similar domains, including "pintoenter.com" and "chargemyphonebill.com," which are also registered to Global Voice.
Global Voice did not respond to e-mail sent to the address listed in the domain registration information for passwordtwoenter.com.
Ransomware, a term used to describe malware that tries to extort money from users after an infection -- usually to return access to suddenly-encrypted files -- is rare, but not unknown. The last outbreak of any note was in July 2007, when another Trojan horse, dubbed "GpCode," demanded $300 to unlocked frozen files.
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts