14 DAY TRIAL // Security researchers warn that ransomware has taken yet another step in its course of replacing the scareware model. After encrypting documents or blocking all applications and holding them for ransom, a new trojan is interfering with the browsing experience and displays rogue ads, which cover part of the legit pages.
Ransomware refers to malicious software that is designed to block certain aspects of a computer's functionality and ask for money in order to restore normal behavior. In comparison to scareware, which uses scare tactics, usually in the form of fake security alerts, in order to trick the user into paying for useless licenses, the ransomware approach is much more direct, intrusive and potentially damaging.
The new threat, identified by Symantec as Trojan.Ransompage, injects an in-line advertisement of adult nature in every page opened in the browser. In addition to being potentially embarrassing, this ad can also prove highly irritating, because it will always cover a part of the original website.
The text written on the banner is in Russian and instructs the user to send a text message to a premium rate phone number. In return, they are promised to receive a special code that will make the ad disappear and also grant them access to an archive of explicit videos.
"Obviously this is very annoying ad and the victim may just decide to use a different browser. The malware author thought of this too [...] and actually targets the following three browsers: Internet Explorer, Firefox and Opera," Fred Gutierrez, malware analyst at Symantec, advises.
There's one piece of good news, though. The malware targets Firefox under the form of a browser extension, making it easy to uninstall. Moreover, the extension is not compatible with Firefox 3.5.1, the latest version of the popular browser.
This is not the first SMS-based ransomware threat. Back in May, a similar malicious application of Russian origin was put up for sale at 10$ for a customized version. Dubbed SMSLock, the software displayed a warning message instead of the normal Windows desktop on infected computers and instructed users to send an SMS message in order to receive an unlock code for their operating system.