1/2/2008
06:08 PM

New Malware Demands Pay-By-Phone 'Activation Fee'

A Web search of the 900 number shown to U.S.-based victims is associated with a porn site registered to Global Voice S.A.

Microsoft may have decided to drop the "kill switch" it developed to penalize Windows Vista users who failed to activate their operating system software, but criminal hackers are taking up the slack.

A new Trojan called Backdoor.Win32.Delf.ctk is capable of locking users out of vulnerable systems and demanding a pay-by-phone activation fee.

Victims are presented with the option of sending a text message to an SMS number, billed at a rate of about $10 to $20, or of calling a phone number, billed at about $3 per minute, to obtain a "license code" that will ostensibly unlock their compromised computers.

While system hijacking has been around for years, as the existence of the term "ransomware" proves, Adam Thomas, a malware researcher with Sunbelt Software, said the use of the telephone system for payment is new. "It's the first time I've seen this type of scam being used," said Thomas.

Alex Eckelberry, CEO of Sunbelt Software, in a blog post notes that a Web search of the 900 number shown to U.S.-based victims is associated with a porn site registered to Global Voice S.A., a company that appears to be based in the Republic of Seychelles, an archipelago nation in the Indian Ocean. "Apparently, this is a payment processor that's now being used for malware, whether they know it or not," he said.

Global Voice S.A. lists an e-mail address at global-voice.com in its domain registration contact information. That domain is for sale, according to the Web page at that address.

A company with a confusingly similar name, Global Voice Group, S.A., says that it is a telecommunications company based in Port-au-Prince, Haiti. It does not list a Seychelles branch office.

The domain registrar associated with the Web page shown in the Sunbelt blog (backdoor-guard dot com) is ESTDOMAINS, Inc., a Web hosting company based in Wilmington, Delaware, with a reputation for hosting malware sites. The backdoor-guard.com malware Web site is registered in Tirana, Albania.

Recently, the government has shown some interest in going after payment processing companies that enable the malware economy. In December, the Federal Trade Commission and seven state attorneys general charged Your Money Access, LLC., a payment processor, with making unauthorized debits from consumers' bank accounts on behalf of phone-based and Internet-based merchants. It announced a similar lawsuit in January, 2007, when it sued InterBill Ltd., another payment processor.

No doubt there will be more such suits.

Editor's Note: This story was modified Jan. 15 to include the correct links to ESTDOMAINS and the backdoor-guard.com Web site.
