Regulator sniffs mobile services bods: 'Something's off. Hand me the probe'

PhonepayPlus says there's 'evidence' of ransomware-style marketing

New hybrid storage solutions

UK premium rate regulator PhonepayPlus has launched an investigation into five mobile phone subscription services after it said that evidence had emerged that each had been marketed though ransomware-style browser lock-in tactics.

Bafona Ltd’s Zovut subscription service, which costs £4.50 per week, is billed as a chance to compete for top-end Apple kit including iPad3 and iPhone5 by taking part in a quiz. Online marketing affiliates involved in the scheme allegedly used malware to "force them to interact" with the Zovut subscription service, according to PhonepayPlus.

In a statement, PhonepayPlus said it had suspended the Zovut subscription service pending an emergency investigation into the issue, which emerged as a problem through its internal monitoring rather than through complaints from UK consumers.

PhonepayPlus, the UK regulator for premium rate telephone services, has launched an Emergency procedure investigation under paragraph 4.5 of its Code of Practice (Twelfth Edition) (the Code), following internal monitoring conducted by PhonepayPlus.

This monitoring evidenced affiliate marketing that appeared to utilise a form of malware known as ransomware to lock consumers’ internet browsers and force them to interact with online offers which directed them to the Level 2 provider, Bafona Ltd’s “Zovut” subscription service(s).

Bafona Ltd has been identified as the Level 2 provider responsible for the service. A Tribunal will decide whether the service is in breach of the Code as soon as is reasonably possible after PhonepayPlus has received a response from the Level 2 provider to its Emergency procedure breach notice, which is to be sent to Bafona Ltd in due course. The service has now been suspended pending conclusion of the investigation and a decision by the Tribunal.

In the meantime, other providers are reminded that enabling this service, or any other services that operate in a similar way, may result in breaches being raised against them.

Four other services are all being investigated for allegedly using similarly illicit ransomware tactics. Each has been suspended pending an emergency probe. The four other suspended subscription services are R&D Media Europe’s "zemgoogs", Jesta Digital GmbH’s "gamester", Gico Europe LLP’s "triviato" and Bitstacker Limited’s "lottobytext".

Ransomware refers to a form of malware that typically locks up systems and accuses the user of some fictitious crime, from distributing music or films on file-sharing networks to circulating child-abuse images. Strains of ransomware Trojans, such as Reveton, often feature police logos to make extortionate demands look more plausible. Victims are typically coerced into coughing up a "fine" of about £100 using untraceable cash vouchers in order to obtain codes to unlock their computers.

When El Reg asked the regulator how the offending behaviour would have presented itself to consumers of premium rate subscription services, it said: "We are still conducting our investigation so it would be inappropriate to comment beyond what we have already released."

Chris Boyd, a senior threat researcher at ThreatTrack Security, said the anti-malware firm had not come across any samples related to the alleged scams highlighted by PhonepayPlus as yet. Boyd was however able to explain the likely scenario behind the alleged scams.

"Although we've had no direct contact with the ransomware mentioned, it sounds like a piece of DIY ransomware where the PC is locked and displays offers and surveys in a window that hijacks the desktop (displaying content loaded from the scammers website), instead of the usual "Pay $200 to unlock your computer and recover your files," Bod explained.

"There are many building tools out there which would allow someone to make a piece of ransomware similar to the one mentioned, and as surveys often display everything from iPad offers and shopping vouchers to mobile subscription services and ringtone deals, it seems likely this could be the scenario described in the [PhonepayPlus] release."

Last December, ThreatTrack Security blogged about an apparently unrelated strain of DIY ransomware that locks up infected PCs with survey offers. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.