Computer Associates' Internet Security Business Unit, first discovered the new trojan bundled with software named uFast Download Manager. Once downloaded the software was installed along side the uFast download manager without informing the user. The trojan then goes to work blocking internet access until the user enters an activation code. This activation code is obtained by sending an SMS containing a particular number to an expensive premium rate phone number – CA does not mention the sum involved.
The malware, dubbed 'Win32/RansomSMS.AH', appears to be Russian in nature, as it uses a Russian language GUI. The ransom page translates to state:
CA withheld the details of the amount involved in sending the SMS to the premium rate phone service however past ransomware programs demanded upwards of $50-60 for removal. This time around CA ISBU found a way to circumvent the activation scheme and created an activation code generator for this particular ransomware. As of yet there has been no word on actual removal tools. It is suggested that you keep your AV, anti-malware and anti-spyware update to possibly stave off infection.Internet access is blocked due to violation of the
license agreement schedules of uFast Download Manager
You must activate your copyGet a registration code by sending an SMS with the following
code fw0004199 to number ****In response you will receive an activation message.
Enter the activation message received from the SMS response ________
Source: CA Security Advisor Research Blog
No comments:
Post a Comment
All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.
Thank you
Geek-News.Net