Micro-payment Ransomware with New Features Detected
According to news reports published by Softpedia on August 28, 2009, two fresh versions of a piece of 'ransomware', malware that blackmails a computer user into sending an SMS to a premium-rate phone number, have reportedly been making the rounds on the web.
Online security researchers have worked out the algorithm that the ransomware uses, so that the same codes can be used to free infected PCs from the malware's control.
After installation on a PC running the Windows operating system, the rogue program, which pretends to be an anti-piracy utility, prevents the user from accessing the system and displays an alert message in Russian that hides the desktop.
The bogus warning tells the user that his Windows has been locked and that the OS is a pirated version. To keep using it, the user has to get the unlocking tool, for which he must send an SMS asking for the activation code. With this activation code, he can unlock his version of Windows.
Previously, in May 2009, Dancho Danchev, an independent security advisor, mentioned the discovery of the ransomware. Since then, Danchev has been monitoring the threat. He now cautions that it is in its sixth version, with many new features developed since its first release.
The recent version of the ransomware is capable of spreading via removable media devices, is compatible with Windows 7, and can use several phone numbers as backups.
Additional features include the ability to evade "Safe Mode," adjust the alert message, prevent use of the taskbar, and use unique keyboard shortcuts. When the unlock code is entered, the ransomware is uninstalled, and it then modifies the system against re-infection.
Meanwhile, hoping for possible monetary benefits, cyber criminals are spending their resources and time developing new features for the 'ransomware.' The recent twin releases indicate the criminals' ambitions and motivation surrounding the ransomware.
Further, Computer Associates, a security company, also warns of the new ransomware variants, which it has detected as Win32/RansomSMS and Win32/RansomSMS.Q.
SPAMfighter News - 15-09-2009