CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 1st, 2009

Ransomware Blocks Internet Access, Forces Users To Send Premium Rate SMS

Miscreants have developed a ransomware package that blocks internet access in a bid to force infected users into paying up by sending a text message to a premium rate SMS number, lining the pocket of cybercrooks in the process.

The malware comes bundled in a package called uFast Download Manager and targets potential marks in Russia. Users of infected machines are told (via a Russian language message) that they need to send a text message in order to obtain an activation code for the product, which (ironically) poses as a software package designed to increase download speeds. Victims are told that internet access has been blocked in the meantime because of supposed violations of a licensing agreement.

The ploy is a variant on previous ransomware packages that encrypt and block access to document files. One strain of ransomware detected in January 2008 locks up Windows machines, seeking payment via SMS. That threat wasn’t specific to Russia and didn’t affect a net connection as such but is otherwise very similar to the latest attack.

CA, which detects the threat as RansomSMS-AH, explains how the malware works in greater depth in a blog posting featuring screenshots culled from infected machines.

English translation:

Internet access is blocked due to violation of the
license agreement schedules of uFast Download Manager
You must activate your copy

Get a registration code by sending an SMS with the following
code fw0004199 to number 7122

In response you will receive an activation message.

Enter the activation message received from the SMS response ________

The anti-virus vendor has developed an activation code generator that allows victims to get online again – providing they can download the utility through an uninfected machine first, of course.

CA ISBU activation code generator for this particular ransomware can be found here. It can create activation code only for ransomware detected by CA as Win32/RansomSMS.AH.

Credit: The Register, CA Community Blogs

Share this item with others:

More on CyberInsecure:
  • New LoroBot Ransomware Encrypts Files, Demands $100 For Decryption
  • New Symbian OS Malware Silently Transfers Mobiles Account Credit
  • Trojan Porn Dialers Make Comeback On Mobile Phones
  • New Scareware Blocks Access To Popular Websites, Demands Fake “Internet Security 2010″ To Be Installed
  • UEFA Lottery Scam Targets UK Football Fans

    • Posted in Cybercrime, Malware, Scams, Software, Windows | Print This Post Print This Post

    This entry was posted on Tuesday, December 1st, 2009 at 3:28 pm and is filed under Cybercrime, Malware, Scams, Software, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Ransomware Blocks Internet Access, Forces Users To Send Premium Rate SMS

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »