Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    A new Trojan locks up machines completely and makes unwitting victims fork over an amount to be able to access their systems again, Sunbelt first reported. Trend Micro detects the said ransomware Trojan as TROJ_RANSOM.B.

    TrendLabs found that users could download the said malware from the site http://{BLOCKED} Once it is on a system and has dropped its components, it renders the user incapable of using his machine and displays the following image:

    The message on top of the screen reads:

    ERROR: Browser Security and Antiadware Software component license exprited!

    Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows and threatens with infection of your computer by harmful viruses, adware, spyware, etc… You strongly need to update your software to avoid infection and losting information from your computer. Please complete procedure of software update;

    Because the system’s “antiadware software” is supposedly already expired, the Trojan asks for a reactivation fee that affected users have the option of paying through SMS (short messaging service) or a call. If the user chooses the former, he/she only need send a text message to a specified number and will be charged £10, if in the UK. If, however, he/she chooses to make the call, he/she will be charged $35 in the US (or £1.50 for every minute, in the UK). Doing so, the user gets a “license code” that is the key to the “system unlock” to enable him/her to use his/her system again.

    The numbers used are premium rate, according to The Register, and differ depending on which country the user is in. In the UK, the regulator PhonePayPlus has said in an interview with the aforementioned IT news site that an adult line could have been misused for this purpose.

    The last we have seen of ransomware was back in August, when TROJ_GPCODE.AB and TROJ_GPCODE.AC were found to encrypt files with certain extensions, offering $150 to have the user’s files decrypted. A little earlier, in July, another ransomware detected as TSPY_KOLLAH.F also encrypted files with certain extensions, but demanded a heftier price ($300) to decrypt the files with their software. Both left behind ransom notes in README text files, offering software that could crack open the files, with set deadlines, too.

    The difference with this new strain is that it takes a different tactic by actually sounding more polite, even saying the magic word “please”. Even so, it is more “cruel” in the sense that it not only targets certain files but the machine itself.

    Trend Micro customers are already protected from this threat and won’t find themselves locked out of their systems.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice