Ransomware Poses as Browser Security Software

Sunbelt Software has released details about an extortion scam involving a Backdoor Trojan virus and a pay-by-phone payment processor. Users infected by Win32.Delf.ctk become locked out of their system, unable to access any of their files. A message, designed to look like a Windows Security Center warning, is displayed.

Taking up the entire screen, this fake error states that the user's "Browser Security and Antiadware Software component license" has expired. Ironically, the message warns that surfing high-risk sites without this kind of software is a threat to your computer's safety. Clicking to activate your new license brings up a subsequent screen which instructs the user to call a phone number to complete the activation process. The number, which differs depending on your location, connects you to a payment processor which in turn charges $35 USD for the call. According to Alex Eckleberry of Sunbelt, the only way to regain control of your system upon infection is to pay this unjust fee. This is yet another example why it is important to periodically backup your hard drive and to always ensure that your Antivirus software is up to date.

The aforementioned screens are littered with inconsistencies and misspellings, a telltale sign that a scam is afoot. Unfortunately, this so-called ransomware is just another in a long string of attempts by the bad guys to take what doesn't belong to them. In this ever-changing climate, it is important to keep abreast of the latest browser security happenings. The more you know, the safer you are.