Victims are presented with the option of sending a text message to an SMS number, billed at a rate of about $10 to $20, or of calling a phone number, billed at about $3 per minute, to obtain a "license code" that will ostensibly unlock their compromised computers.
While system hijacking has been around for years, as the existence of the term "ransomware" proves, Adam Thomas, a malware researcher with Sunbelt Software, said the use of the telephone system for payment is new. "It's the first time I've seen this type of scam being used," said Thomas.
Alex Eckelberry, CEO of Sunbelt Software, in a blog post notes that a Web search of the 900 number shown to U.S.-based victims is associated with a porn site registered to Global Voice S.A., a company that appears to be based in the Republic of Seychelles, an archipelago nation in the Indian Ocean. "Apparently, this is a payment processor that's now being used for malware, whether they know it or not," he said.
Global Voice S.A. lists an e-mail address at global-voice.com in its domain registration contact information. That domain is for sale, according to the Web page at that address.
A company with a confusingly similar name, Global Voice Group, S.A., says that it is a telecommunications company based in Port-au-Prince, Haiti. It does not list a Seychelles branch office.
Recently, the government has shown some interest in going after payment processing companies that enable the malware economy. In December, the Federal Trade Commission and seven state attorneys general charged Your Money Access, LLC., a payment processor, with making unauthorized to debit from consumers' bank accounts on behalf of phone-based and Internet-based merchants. It announced a similar lawsuit in January, 2007, when it sued InterBill Ltd., another payment processor.
No doubt there will be more such suits.
Editor's Note: This story was modified Jan. 15 to include the correct links to ESTDOMAINS and the backdoor-guard.com Web site.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.