Feeds

Ransomware Trojan locks up infected PCs

UK regulator probes pay-by-phone extortion

New hybrid storage solutions

A new strain of "Ransomware" that attempts to coerce victims into paying $35 to unlock their Windows PC, is doing the rounds.

The scam uses a variety of premium rate numbers in different countries, and UK regulator PhonePayPlus is investigating the suspected misuse of a type of premium rate line normally used for sex lines in the UK.

The Delf-CTK Trojan poses as a "Browser Security and Anti-adware" security application whose license has expired. Windows machines infected by the malware are confronted by a full-screen message that poses as a Windows error. Ironically, but unsurprisingly, the malware typically uses Windows exploits to infect vulnerable machines.

Prospective marks are invited to call a country-specific premium rate number and enter a PIN to obtain a license code. The US premium rate number belongs to "passwordtwoenter.com", a payment processing firm used by hardcore porn sites, according to anti-spyware firm Sunbelt Software, which was the first to warn of the ruse. Passwordtwoenter.com is registered to Global Voice SA, a firm based in the Indian Ocean island state of the Seychelles.

If the US number doesn't work, prospective marks are invited to call alternate numbers including a satellite telephone number and another in the West African nation of Cameroon, Computerworld adds. UK and French premium numbers also feature in the scam.

The 0909 number British marks are invited to call is reserved for adult premium rate lines, premium rate regulator PhonePayPlus told El Reg. PhonePayPlus agreed to investigate the issue, after we told them about the scam. A spokesman added that he wasn't aware of previous UK cases where malware has been linked to attempts to prompt users into phoning premium rate lines.

Ransomware packages (which began appearing early in 2006) typically use malicious code to gain control of user files, encrypt them, and threaten users that they won't see these files again unless they hand over a cash "ransom" to hackers.

The Delf-ctk Trojan is more subtle than this, the demands are less transparently hostile, and a different (more advanced) payment method is used. Users infected by the malware are locked out of their whole system by malware that takes over their desktop - not just preventing them from opening particular files - so in some ways the Delf-CTK Trojan is nastier than earlier ransomware strains such as Gpcode. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Leak of '5 MEELLLION Gmail passwords' creates security flap
You should be OK if you're not using ANCIENT password
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.