14 DAY TRIAL // The ransomware model is really taking off and becomes available even for the inexperienced cybercriminal, who lacks the coding skills to make his own malware. Security consultant and researcher Dancho Danchev is reporting that an SMS-based ransomware variant can be acquired for prices starting at $10.
Ransomware refers to malicious software that blocks access to certain functionality, files or the entire operating system and capitalizes on the user's desire to regain full control of his computer. Obviously, this is achieved through social engineering, which attempts to make the victim think that the application is actually his salvation and not his enemy.
Security researchers speculate that ransomware is the next step in the evolution of scareware (rogueware), malicious software that deceives users by scaring them into acquiring useless licenses, usually claiming that their computers are infected. Since the beginning of the year, we have reported of three new threats holding infected computers for ransom: FakeAlert-CO, also known as System Security 2009, the Brazilian Byte Clark and FileFix Pro 2009.
This latest piece of malware drops a file in the system32 folder and creates start-up registry entries for itself. Called SMSLock by experts, the malicious application runs at system boot and prevents the desktop from being displayed. Furthermore, it locks all windows and the task manager and blocks attempts of removing it.
The user is presented with an alert box, which claims that Microsoft has launched an anti-piracy initiative and that an SMS costing $1 must be sent to a special phone number in order to receive an unlock code. A customized variant, with the client's own SMS information is available for sale at only $10.
An additional $5 can be paid to get a custom version, which is not yet detected by the major antivirus engines. For more knowledgeable cybercrooks who want to make more advanced changes to the application, its source code is offered for $50.
"With the emerging localization on demand services offering translations for phishing, spam and malware campaigns into popular international languages, it wouldn't take long before the SMS ransomware starts targeting English-speaking users next to the hardcoded Russian speaking ones for the time being," warns Dancho Danchev.
