Skip to main content

Pay-up-or-lose-data malware makes a comeback

Sunbelt-software's (opens in new tab) Alex Eckleberry has discovered a new threat-wielding malware.

The Backdoor.Win32.Delf.ctk Trojan horse forces its victims to dial a premium rate phone number in order to get an activation license fee that will give them back their computers' control.

The victims can also send a text to an SMS number where they will be charged between USD 10 and USD 20 per text.

Computers that have been compromised display a pseudo-Windows error message: "ERROR: Browser Security and Antiadware [sic] Software component license exprited [sic], Surfing PORN, ADULT and some other kind of sites you like without this software is dangerous and threatens with infection of your computer by harmful viruses, adware, spyware, etc."

The premium rate phone number points to a website called passwordtwoenter.com which in turn points to Global Voice, a company that is located in the idyllic island nation of the Republic of Seychelles, in the Indian Ocean.

The company also seems to have affiliates in another African Country of Cameroon and Haiti.

Ramsomware also opens the possibility of having your privacy compromised and having one's computer hijacked and used as a Zombie.

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.