Online criminals are always seeking out tactics that would help monetize their activities. Potential victims repeatedly fall for the traps that cybercriminals set up such as when they end up downloading malware instead of freeware or pornographic materials. Oftentimes, the realization that their machine is being held ransom comes too late.
One method often used involves disabling the functionality of the compromised computer until the victim dials a premium-rate SMS number. One such cybercriminal operation involves a recent SMS ransomware campaign that has been targeting Internet users in Russia and demanding a 360-RUR (about US$ 12) ransom. Affected systems would consistently display the image below and prevent users from accessing their desktops and applications until they provide the required ransom.
In this particular example, users downloaded a file detected by Trend Micro as WORM_RIXOBOT.A. The file was downloaded from a single website over 137,000 times in December 2010 alone, mostly by users from Russia. In this case, the worm was downloaded from a pornographic website. However, it may have also been propagated through other means.
Cybercrime is a serious matter for cybercriminals who run these campaigns much like ordinary businesses and keep financial records for their own reference. In our research, we were able to access a panel that was used to keep track of the specific income generated by at least 60 phone numbers used in ransomware campaigns. The list contains 60 phone numbers displayed by the ransomware and used to receive funds from victims.
Based on our findings, this campaign was able to generate 901,245 RUR (US$ 29,435) over the last five weeks. With a payment of approximately US$ 12 per transaction, this indicates that 2,500 people paid the ransom. Users are thus advised to be more wary about their online activities. As this particular ransomware campaign proves, cybercrime is a serious business that comes at a price.
Post from: TrendLabs | Malware Blog – by Trend Micro
SMS Ransomware Tricks Russian Users
Full story: TrendLabs | Malware Blog – by Trend Micro
Related Posts
- Russian mobile users targeted by SMS Valentine Trojan
A Valentine's Day mobile application, which promises to send an romantic MMS message to a loved one, actually hides a money-making scheme that sends expensive messages to a Russian premium rate SMS nu... - Another Russian Ransomware Spotted
Our recent Web Threat Spotlight article discussed TROJ_RANSOM.QOWA—an SMS ransomware that targets Russian users. It asks for a ransom by instructing victims to dial a premium-rate number in order to ... - Russian ransomware and Flash Player update
These days Fake Adobe Flash Players are everywhere. The bad guys know that the majority of people cannot tell the difference between them. To be honest, when Adobe prompts you for a Flash Player updat... - Google Chrome-Protecting users from malicious downloads
Google has introduced a new feature for its Chrome browser that will display a warning if a user attempts to download a suspected malicious executable file.
The Chrome team are enhancing the impl... - Facebook Users Get Invited to a Spam Event
For sometime now we’ve been reporting threats targeting Facebook users, most of which result in users unknowingly spreading spammy links to their networks. We’ve seen different social engi... - Hacker Group Changes Millions of Passwords to “password”; Only 38% of Users Notice
Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected user... - How to Design Security Warning Messages to Protect Users
Computer users are presented with a steady stream of security warnings, which are designed to help users avoid taking actions that put their systems and data at risk. Sometimes, a click on the OK butt... - ZeuS Targets Mobile Users
As early as 2006, Trend Micro already recognized the fact that the BlackBerry technology could be exploited by cybercriminals. The smartphone may have remained spared from malware attacks over the yea... - Facebook Stalker Tracker Tool Turns Users into Spammers
Privacy has been one of the major concerns of Facebook users roday, especially as the social network continues to increasingly grow to become a massive directory of personal information. Users are bec... - Don’t Confuse ‘Anonymous’ With a Russian Gang
The recent WikiLeaks disclosure of more than 250,000 U.S. State Department diplomatic cables got people worked up. Running opposite much public opinion, the main WikiLeaks defender in the hacktivism f...
Posted on 13 January 2011. Tags: Ransomware, Russian, tricks, users
