Ransomware Trojan Attempts To Extort Victims
Filed in archive Malware on January 4, 2008
A new Trojan making the rounds offers a new twist-it takes over your desktop and won't go away unless you pay $35! Call it ransomware. The Trojan, called Backdoor.Win32.Delf.ctk, locks the user out of their desktop and displays this full screen, poorly spelled warning:
"ERROR: Browser Security and Antiadware Software component license exprited!"
It goes on to a grammatically nightmarish explanation of what could happen if you don't renew this supposed "license".
(It also assumes the user enjoys surfing porn sites!). Clicking on "Click to activate new license" prompts the user to call a 900 number in order to fork over their $35, and offers two international numbers in case they have any problems. The 900 number appears to belong to a payment processor used by porn sites. Sunbelt Software has provided a screen by screen walkthrough here. Unfortunately, while the bad spelling and grammar are a clear tip off that it's a scam, by the time any of your users are viewing the "warning" it's too late. The only way to regain control of the infected system is to pay the $35. None of the big anti-virus vendors have come up with a removal tool yet, and it's not clear if the Trojan can be eliminated by a hard drive reformat. This new trend is definitely one to keep a very close eye on!
Permalink: Ransomware Trojan Attempts To Extort Victims
Tags: spam spammers malware phishing trojans server antispam exchange server antispam antispyware email se
Vote for Ransomware Trojan Attempts To Extort Victims:
|
Rating: 10.00 out of 2 vote(s) cast.
|
Response from:
Trojanvictim
(01/10/08 1:53pm)
look for a file called LOCKER.exe (LOCKER.EXE-0FFA166A in my case) in the registry (do a search). Delete this (from safe mode) reboot and you should be OK. Took a while and some $$ to find it, but this is what I was told by our tech guy.
Response from:
Jenny
(11/03/08 4:16am)
Clean out those bugs and viruses
I was having trouble with my new computer running slow after I had only had it for a few months. I was upset thinking it was something wrong with my computer until I realized that I needed a good scan to clean out those bugs and viruses that was the real problem. When I started using Search-and-destroy it took care of this problem and now my PC is running like new again. The antispyware solution from Search-and-destroy, which you can find at http://www.search-and-destroy.com,
has made a big difference for me and I’m sure you’ll be happy with it too.
I was having trouble with my new computer running slow after I had only had it for a few months. I was upset thinking it was something wrong with my computer until I realized that I needed a good scan to clean out those bugs and viruses that was the real problem. When I started using Search-and-destroy it took care of this problem and now my PC is running like new again. The antispyware solution from Search-and-destroy, which you can find at http://www.search-and-destroy.com,
has made a big difference for me and I’m sure you’ll be happy with it too.
| RSS |  |
 | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Follow us on Twitter! |
Most Popular
Announcements
Anti-Spam Tools
Archival Tools
Best of
Did you know
Events
Fight!
Information about
Malware
Misc
Phishing
Security measures
Spam
Spam News
Spyware