SMS Ransomware Displays Persistent Inline Ads

September 03, 2009 / Comments (0) / by Dancho Danchev

SMS-based micro-payments are clearly becoming the monetization channel of choice for the majority of cybercriminals engaging in ransomware campaigns. The logic behind this emerging trend is fairly simple, and as everything else in the cybercrime underground these days, it has to do with efficiency.

Compared to micro-payments, the 2008's monetization channel used by GPcode in terms of E-gold and Liberty Reserve accounts communicated over email -- with cases where the gang wasn't even bothering to respond to infected victims looking for ways to pay the ransom -- looks like a time-consuming and largely inefficient way to "interact" with the victims.

Another recently released SMS-based ransomware showing persistent ads within the browser sessions of infected victims, and demanding a premium-rate SMS for removal, is the very latest indication of the micro-payment monetization channel trend.

The DIY ransomware is offered for sale at $100, with the typical "value-added" services in the form of managed undetected binaries through crypting. Since the command and control interface is web based (php+mysql), the author is actively experimenting with new features such as scheduled appearing of the ads, inventory of banners and affiliate program links, and the ability to use multiple SMS numbers next to multiple unlocking codes.

Are the currently active ransomware "vendors" trendsetters or are they still in experimental mode?

The business model of SMS-based ransomware is clearly lucrative, especially in situations where cybercriminals are known to combine two or three different monetization tactics. However, compared to the high profit-margins which cybecriminals earn through the scareware business model, SMS-based ransomware remains a developing market segment.

Related posts:
6th SMS Ransomware Variant Offered for Sale
5th SMS Ransomware Variant Offered for Sale
4th SMS Ransomware Variant Offered for Sale
3rd SMS Ransomware Variant Offered for Sale
SMS Ransomware Source Code Now Offered for Sale
New ransomware locks PCs, demands premium SMS for removal
Who's Behind the GPcode Ransomware?
Identifying the Gpcode Ransomware Author

This post has been reproduced from Dancho Danchev's blog.