Ransomware Trojan Attempts To Extort Victims

Filed in archive Malware by Sue Walsh on January 4, 2008

A new Trojan making the rounds offers a new twist-it takes over your desktop and won't go away unless you pay $35! Call it ransomware. The Trojan, called Backdoor.Win32.Delf.ctk, locks the user out of their desktop and displays this full screen, poorly spelled warning:

"ERROR: Browser Security and Antiadware Software component license exprited!"

It goes on to a grammatically nightmarish explanation of what could happen if you don't renew this supposed "license".

(It also assumes the user enjoys surfing porn sites!). Clicking on "Click to activate new license" prompts the user to call a 900 number in order to fork over their $35, and offers two international numbers in case they have any problems. The 900 number appears to belong to a payment processor used by porn sites. Sunbelt Software has provided a screen by screen walkthrough here. Unfortunately, while the bad spelling and grammar are a clear tip off that it's a scam, by the time any of your users are viewing the "warning" it's too late. The only way to regain control of the infected system is to pay the $35. None of the big anti-virus vendors have come up with a removal tool yet, and it's not clear if the Trojan can be eliminated by a hard drive reformat. This new trend is definitely one to keep a very close eye on!

Related Entries:

Anti-anti-spam spam: Spam is becoming plain silly - 11 January 2007
Kaspersky Security 6.0 For Exchange Server 2007 Beta Release... - 19 November 2007
Successful Spammers To Get More Time in the Slammer - 07 December 2007
BotNet Hitting Networks Hard - 13 December 2007
Botnets-How They Work and What They Can Do - 15 December 2007
December State of Spam Report - 14 December 2007
Sponsored Post: Spikes In Spam Put Your Business at Risk - 19 December 2007
McAfee Releases GroupShield for Microsoft Exchange - 21 December 2007
BitDefender Announces 2007 Top 10 Lists - 02 January 2008

« BitDefender Announces 200... | Main | 11 Indicted in Pump and D... »

Permalink: Ransomware Trojan Attempts To Extort Victims

Tags: spam spammers malware phishing trojans server antispam exchange server antispam antispyware email se

Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/109424

Addthis

Ask

Blinklist

del.icio.us

Digg

Fark

Facebook

Google

Lycos

Ma.gnolia

Mr Wong

Netscape

Netvousz

Newsvine

StumbleUpon

Slashdot

Tailrank

Technorati

Wink

Yahoo

Vote for Ransomware Trojan Attempts To Extort Victims:

Currently 10.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 10.00 out of 2 vote(s) cast.

Response from: Trojanvictim (01/10/08 2:53pm)

look for a file called LOCKER.exe (LOCKER.EXE-0FFA166A in my case) in the registry (do a search). Delete this (from safe mode) reboot and you should be OK. Took a while and some $$ to find it, but this is what I was told by our tech guy.

Response from: Jenny (11/03/08 5:16am)

Clean out those bugs and viruses
I was having trouble with my new computer running slow after I had only had it for a few months. I was upset thinking it was something wrong with my computer until I realized that I needed a good scan to clean out those bugs and viruses that was the real problem. When I started using Search-and-destroy it took care of this problem and now my PC is running like new again. The antispyware solution from Search-and-destroy, which you can find at http://www.search-and-destroy.com,
has made a big difference for me and I’m sure you’ll be happy with it too.