Thursday, July 16, 2009

4th SMS Ransomware Variant Offered for Sale

Locking down an infected Windows-based host and demanding a premium-rate SMS message for the unlock code (SMS Ransomware Source Code Now Offered for Sale; New ransomware locks PCs, demands premium SMS for removal; 3rd SMS Ransomware Variant Offered for Sale) is slowly becoming a trend. Despite its current geographical prevalence in Russia, it could easily become an international issue due to the cost-effective localization services available on demand these days.

Yet another SMS-based ransomware variant is offered for sale ($10), making this the 3rd such variant available for purchase during the past couple of months. The author appears to be a Moscow-based opportunist, clearly interested in making a quick buck and lacking any long-term ambitions, at least for the time being. Although the message and the visual interface can be changed on request, the default version once again insists that Microsoft locked down this copy of Windows because it detected it as a pirated copy, and that the user has to send an SMS to receive the unlock code.

What bothers me is not the potential "spread-ibility" of his campaigns, that is, if he turns into a user of his own code, but how easily and cost-effectively his customers can push the ransomware to a huge number of already infected malware hosts.

This post has been reproduced from Dancho Danchev's blog.