A new Trojan making the rounds offers a new twist-it takes over your desktop and won't go away unless you pay $35! Call it ransomware. The Trojan, called Backdoor.Win32.Delf.ctk, locks the user out of their desktop and displays this full screen, poorly spelled warning:

"ERROR: Browser Security and Antiadware Software component license exprited!"

It goes on to a grammatically nightmarish explanation of what could happen if you don't renew this supposed "license".

(It also assumes the user enjoys surfing porn sites!). Clicking on "Click to activate new license" prompts the user to call a 900 number in order to fork over their $35, and offers two international numbers in case they have any problems. The 900 number appears to belong to a payment processor used by porn sites. Sunbelt Software has provided a screen by screen walkthrough here. Unfortunately, while the bad spelling and grammar are a clear tip off that it's a scam, by the time any of your users are viewing the "warning" it's too late. The only way to regain control of the infected system is to pay the $35. None of the big anti-virus vendors have come up with a removal tool yet, and it's not clear if the Trojan can be eliminated by a hard drive reformat. This new trend is definitely one to keep a very close eye on!