Business & Finance
News
1/2/2008
06:08 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

New Malware Demands Pay-By-Phone 'Activation Fee'

A Web search of the 900 number shown to U.S.-based victims is associated with a porn site registered to Global Voice S.A.

Microsoft may have decided to drop the "kill switch" it developed to penalize Windows Vista users who failed to activate their operating system software, but criminal hackers are taking up the slack.

A new Trojan called Backdoor.Win32.Delf.ctk is capable of locking users out of vulnerable systems and demanding a pay-by-phone activation fee.

Victims are presented with the option of sending a text message to an SMS number, billed at a rate of about $10 to $20, or of calling a phone number, billed at about $3 per minute, to obtain a "license code" that will ostensibly unlock their compromised computers.

While system hijacking has been around for years, as the existence of the term "ransomware" proves, Adam Thomas, a malware researcher with Sunbelt Software, said the use of the telephone system for payment is new. "It's the first time I've seen this type of scam being used," said Thomas.

Alex Eckelberry, CEO of Sunbelt Software, in a blog post notes that a Web search of the 900 number shown to U.S.-based victims is associated with a porn site registered to Global Voice S.A., a company that appears to be based in the Republic of Seychelles, an archipelago nation in the Indian Ocean. "Apparently, this is a payment processor that's now being used for malware, whether they know it or not," he said.

Global Voice S.A. lists an e-mail address at global-voice.com in its domain registration contact information. That domain is for sale, according to the Web page at that address.

A company with a confusingly similar name, Global Voice Group, S.A., says that it is a telecommunications company based in Port-au-Prince, Haiti. It does not list a Seychelles branch office.

The domain registrar associated with Web page shown in the Sunbelt blog (backdoor-guard dot com) is ESTDOMAINS, Inc., a Web hosting company based in Wilmington, Delaware with a reputation for hosting malware sites. The backdoor-guard.com malware Web site is registered in Tirana, Albania.

Recently, the government has shown some interest in going after payment processing companies that enable the malware economy. In December, the Federal Trade Commission and seven state attorneys general charged Your Money Access, LLC., a payment processor, with making unauthorized to debit from consumers' bank accounts on behalf of phone-based and Internet-based merchants. It announced a similar lawsuit in January, 2007, when it sued InterBill Ltd., another payment processor.

No doubt there will be more such suits.

Editor's Note: This story was modified Jan. 15 to include the correct links to ESTDOMAINS and the backdoor-guard.com Web site.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.