Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    May 2013
    S M T W T F S
    « Apr    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
    • About Us
    Trendlabs Security Intelligence > SMS Ransomware Tricks Russian Users

    Online criminals are always seeking out tactics that would help monetize their activities.  Potential victims repeatedly fall for the traps that cybercriminals set up such as when they end up downloading malware instead of freeware or pornographic materials. Oftentimes, the realization that their machine is being held ransom comes too late.

    One method often used involves disabling the functionality of the compromised computer until the victim dials a premium-rate SMS number. One such cybercriminal operation involves a recent SMS ransomware campaign that has been targeting Internet users in Russia and demanding a 360-RUR (about US$12) ransom. Affected systems would consistently display the image below and prevent users from accessing their desktops and applications until they provide the required ransom.

    Click for larger view

    In this particular example, users downloaded a file detected by Trend Micro as WORM_RIXOBOT.A. The file was downloaded from a single website over 137,000 times in December 2010 alone, mostly by users from Russia.  In this case, the worm was downloaded from a pornographic website. However, it may have also been propagated through other means.

    Cybercrime is a serious matter for cybercriminals who run these campaigns much like ordinary businesses and keep financial records for their own reference. In our research, we were able to access a panel that was used to keep track of the specific income generated by at least 60 phone numbers used in ransomware campaigns. The list contains 60 phone numbers displayed by the ransomware and used to receive funds from victims.

    Click for larger view Click for larger view

    Based on our findings, this campaign was able to generate 901,245 RUR (US$29,435) over the last five weeks. With a payment of approximately US$12 per transaction, this indicates that 2,500 people paid the ransom. Users are thus advised to be more wary about their online activities. As this particular ransomware campaign proves, cybercrime is a serious business that comes at a price.

    Update as of January 16, 2011, 10:09 a.m. (UTC)
    WORM_RIXOBOT.A has been renamed to TROJ_RANSOM.QOWA.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Wednesday, January 12th, 2011 at 2:17 pm and is filed under Bad Sites, Malware, Mobile . Both comments and pings are currently closed.





     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice