Russian Ransomware Requires SMS Unlock Code
SecurityProNews Staff Writer
2009-04-21
Malicious software designed to lock up a victim's computer until a ransom is paid, called ransomware, is making the rounds again. This latest variant, tabbed by security companies as Trojan.Ransomlock, prompts the victim to send an SMS message to begin the unlocking process.
The culprit stems from a Russian source and is likely aimed at Russian-speaking victims. But as we know, effective malware often makes it into English for greater exposure. This particular sample, though, is region specific.
The Trojan activates at computer startup with a message which translates as:
Windows blocked
to unlock the need to send an sms with the text
412857964
to number
3649
Enter the resulting code:
Researchers looking into this sample of ransomware were unable to test what happens when the text message is sent because texting in this case is region specific. One explanation is that the authors receive an unknown amount of money for each text sent.
Atif Mushtaq, of FireEye Malware Intelligence, says there's been "a disturbing uptick" in ransomware over the past few weeks. On the FireEye blog, Mushtaq suspects the 412857964 number is dynamically created by the virus itself and is a trigger to produce the resulting unlock code.
Through observation of the virus's behavior, Mushtaq says the virus starts at the same time a user logs in and communicates with a bogus domain, ogggooogoggoog.com, which is registered to a Russian registrant.
Symantec has reverse-engineered similar Trojans and created an unlock tool. Mushtaq says the tool won't work on this latest variant.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.