
For the past few days, many users have fallen victim to a new kind of trick.

The virus is activated when the user runs a file whose icon is identical to that of a popular video player. A Trojan then renders the computer unusable, and the machine can only be used again once the victim has the password that unlocks it. Victims obtain the password by sending an SMS to a phone number at a cost of 400 roubles. If the password is correct, the victim regains control of the computer. Many users have in fact taken this route to escape the trouble.

The Trojan employs quite a simple technique. It draws windows on the screen that are set to TOPMOST and shown maximized so that they fill the whole display. The Trojan also sets a timer in its program; on each cycle of the timer it sets its windows to TOPMOST again, so that they are always displayed in front of other programs' windows. As a result, users cannot interact with any other window until they enter the correct password to unlock the computer.
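The behaviour described above leaves a recognisable trace: one process keeps a topmost, full-screen window and puts the topmost flag back shortly after it is cleared. The following is an added example, not Bkav's code, that scores window snapshots for that pattern; it assumes the snapshots were collected with the Win32 calls EnumWindows, GetWindowLong (GWL_EXSTYLE) and GetWindowRect, and the record layout, process names and sample polls are constructed for illustration.

```python
WS_EX_TOPMOST = 0x00000008  # Win32 extended window style: always-on-top

def is_blocking(win, screen):
    """Topmost window whose rect (left, top, right, bottom) spans the screen."""
    left, top, right, bottom = win["rect"]
    full = left <= 0 and top <= 0 and right >= screen[0] and bottom >= screen[1]
    return bool(win["exstyle"] & WS_EX_TOPMOST) and full

def find_screen_lockers(polls, screen, min_fraction=0.75):
    """Return {pid: (exe, blocking_polls, reassertions)} for suspect processes.

    A process is suspect when it blocks the screen in at least min_fraction of
    the polls. A reassertion is a poll where blocking resumes after a poll in
    which the same process was not blocking, as the Trojan's timer would cause.
    """
    stats = {}  # pid -> [exe, blocking_polls, reassertions, blocked_last_poll]
    for poll in polls:
        blocking_now = {w["pid"]: w["exe"] for w in poll if is_blocking(w, screen)}
        for pid, exe in blocking_now.items():
            s = stats.setdefault(pid, [exe, 0, 0, None])
            s[1] += 1
            if s[3] is False:  # was seen before, but not blocking last poll
                s[2] += 1
        for pid, s in stats.items():
            s[3] = pid in blocking_now
    needed = min_fraction * len(polls)
    return {pid: (s[0], s[1], s[2]) for pid, s in stats.items() if s[1] >= needed}

# Constructed sample: five polls of a 1024x768 desktop (hypothetical records).
SCREEN = (1024, 768)
FULL, BAR = (0, 0, 1024, 768), (0, 738, 1024, 768)

def _w(pid, exe, topmost, rect):
    return {"pid": pid, "exe": exe,
            "exstyle": WS_EX_TOPMOST if topmost else 0, "rect": rect}

POLLS = [
    [_w(4312, "player.exe", True, FULL), _w(1200, "explorer.exe", True, BAR)],
    [_w(4312, "player.exe", True, FULL), _w(1200, "explorer.exe", True, BAR)],
    # A responder clears the topmost bit here; the timer restores it next poll.
    [_w(4312, "player.exe", False, FULL), _w(1200, "explorer.exe", True, BAR)],
    [_w(4312, "player.exe", True, FULL), _w(2044, "video.exe", True, FULL)],
    [_w(4312, "player.exe", True, FULL), _w(1200, "explorer.exe", True, BAR)],
]

if __name__ == "__main__":
    print(find_screen_lockers(POLLS, SCREEN))
```

The taskbar-style window (topmost but not full-screen) and the video player that goes full-screen for a single poll are both ignored; only the process that holds the screen across polls and re-asserts the flag is reported.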

Once the computer is infected, a notification like the one below appears on the victim's screen:

The content of the notification:

Attention:

Your system is blocked because you have violated the Internet usage regulations possibly for the following reasons: Accessing porn websites, recording porn video files. This block is to prevent the spread of the erotic content from your personal computer to the Internet.

To remove the block, you need to:

Charge 400 roubles to a Beeline phone account (89654031266). After that, you will receive the password to unlock your computer.

After removing the block, you have to remove all the illegal content in your computer. If you refuse to charge to the given account, it’s your second violation; and all of your data will be deleted without being able to be restored because your computer is a threat to the Internet.

Bkav detects these Trojans as W32.FakePornC.Trojan and W32.FakePornA.Trojan, which belong to the W32.FakePorn.Trojan family.

Prevention:

Passwords to unlock infected computers can easily be found on the Internet in some forums. You can search for the password using the hacker's phone number. If you are lucky enough, you will find the right password to unlock your computer.

To stay away from this kind of virus, users are advised not to open attached files of unknown origin, particularly executable files (.exe files). Do not visit malicious websites or websites with erotic content. Update your antivirus software on a regular basis.

Nguyen Hong Quang

Malware Researcher
