November 30th, 2009

New ransomware attack blocks Internet access

Posted by Ryan Naraine @ 9:32 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Exploit code, Microsoft, Passwords, Research, Viruses and Worms

Tags: Internet Access, License Agreement, Computer Associates International Inc., SMS, Attack, Text Messaging/SMS/MMS, Telephony, Cellular Phones, Security, Consumer Electronics

Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message).

[ SEE: Blackmail ransomware returns with 1024-bit encryption key ]

According to CA researcher Zarestel Ferrer, the ransomware file is bundled with a program called uFast Download Manager. Once a machine is infected, a message is posted in Russian (see image above) demanding a ransom under the guise of activating the uFast Download Manager application.

Here is a rough English translation:

Internet access is blocked due to violation of the
license agreement schedules of uFast Download Manager
You must activate your copy

Get a registration code by sending an SMS with the following
code fw0004199 to number 7122

In response you will receive an activation message.

Enter the activation message received from the SMS response  ________

CA is offering an activation code generator for this particular ransomware variant.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


  • Most Recent of 173 Talkback(s)
True...
except that damn Redmond likes to sneak in the update even when you have it turned completely off!

I've had to fix a few hosed systems that way. Then they wonder why the public is so disgusted with them! Incredible!!! >:(...
Posted by: JCitizen Posted on: 12/12/09 (Edited: 12/12/09 @ 12:48)