Russian Porn Worm Extorts UK Users
YNOT EUROPE – An apparent Russian crime syndicate has extorted more than U.S. $29,000 from about 2,500 people in the past five weeks by disseminating a file-locking worm via infected porn websites, instant messaging and USB drives, according to a report from antivirus vendor Trend Micro.
After invading a PC, Worm_Rixobot.A terminates Windows and security processes and blocks access to the web, then demands users pay the equivalent of a U.S. $12 fee in Russian rubles via premium-rate SMS in order to restore control. Trend hackers breached the syndicate’s servers and discovered the original “payload” file was downloaded 137,000 during December alone, mostly by users with Russian IP addresses, but 3,000 downloads went to the UK. The total amount extorted from users worldwide may be much higher than initial estimates, a Trend representative said.
Trend attributed the success of the extortion plot to a combination of the way Worm_Rixobot.A piggybacks on other malware, a relatively low ransom fee and an easy payment method. The worm mimics instant messages from trusted users and installs via “drive-by download” at infected websites. Though not particularly sophisticated, researchers said that because Worm_Rixobot.A demands such a low fee, most victims evidently prefer to pay for an unlock key instead of digging into their operating systems to remove the worm’s components.
Comments are closed.