| Thread ID: 86107 | 2008-01-03 22:29:00 | Ransomware Threat | SurferJoe46 (51) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 627174 | 2008-01-03 22:29:00 | Arriving as what looks like a warning and then as a Windows Update, it is a spoofed page that takes you to a site the number of which can be traced to "passwordtwoenter.com," a payment processor also used by hardcore pornography websites to charge for access to their content, added Eckelberry. The new "ransomware" that locks up a person's PC is demanding $35 in order to return control to the user, a security researcher has warned this week. The extortionists tell victims of the Delf.ctk Trojan horse to dial a 900 number, said Alex Eckelberry, CEO of US security developer Sunbelt Software Distribution. That number can be traced to "passwordtwoenter.com," a payment processor also used by hardcore pornography websites to charge for access to their content, added Eckelberry. LINK HERE (www.techworld.com) Non-American LINK HERE (www.theregister.co.uk) If the US number doesn't work, prospective marks are invited to call alternate numbers including a satellite telephone number and another in the West African nation of Cameroon, Computerworld adds. UK and French premium numbers also feature in the scam. The 0909 number that British marks are invited to call is reserved for adult premium rate lines, premium rate regulator PhonePayPlus told El Reg. PhonePayPlus agreed to investigate the issue, after we told them about the scam. A spokesman added that he wasn't aware of previous UK cases where malware has been linked to attempts to prompt users into phoning premium rate lines. The Delf-CTK Trojan poses as a "Browser Security and Anti-adware" security application whose license has expired. Windows machines infected by the malware are confronted by a full-screen message that poses as a Windows error. Ironically, but unsurprisingly, the malware typically uses Windows exploits to infect vulnerable machines. "You're completely locked out of the system" after the Delf.ctk Trojan horse installs and runs, said Eckelberry. 
The only way to regain control is to pay up by dialling. The last outbreak of any note was in July 2007, when another Trojan horse, dubbed "GpCode," demanded $300 to unlock frozen files. |
SurferJoe46 (51) | ||
| 627175 | 2008-01-03 22:31:00 | Ouch... | somebody (208) | ||
| 627176 | 2008-01-03 22:50:00 | Someday, I'm going to find these bastards and torture them to death..... | qazwsxokmijn (102) | ||
| 627177 | 2008-01-03 23:09:00 | At least this one doesn't encrypt your files.... now THAT would be evil! | Erayd (23) | ||
| 627178 | 2008-01-03 23:14:00 | At least this one doesn't encrypt your files.... now THAT would be evil! Yet another reason why regular backups are important :) |
somebody (208) | ||
| 627179 | 2008-01-03 23:50:00 | I wonder what protection . . . besides operator mistakes could be used for this. Dodgy sites being discounted, is there any real threat to this from just surfing or opening an e-mail? If it gets in before you back-up . . . do you also back-up the trojan too? Hmmmmmm? Wonder when the payload delivers? The same time it enters? Next re-boot? Tomorrow? 24.556 hours later? Friday, the 6th of the month? |
SurferJoe46 (51) | ||
| 627180 | 2008-01-04 00:19:00 | Yup there was another ransomware one (Archiveus), that was encrypted. Which combines files from the My Documents folder on Windows machines and exchanges them for a single, password-protected file, which it will not unlock unless a password is given. But the idiot who made it put the password (30 digits) in the code lol, so it was easy to fix. Actually, there's 2 different passwords for 2 different als files. |
Speedy Gonzales (78) | ||