New variant of ransomware through porn sites
The targets of this ransomware are visitors to pornographic sites. In this case it is a "Blocker"-type ransomware that, when activated, displays a short message and, in the lower right corner of the screen, an image with pornographic content.
Here is an example:

The message demands sending an SMS to the number 3862816 with the text 8353 in order to remove the picture and to stop the automatic opening of the pornhub.com porn site (146.82.200.125).
The malware, whose MD5 is db836ddad526869bc750b62fbe36e936, has a low detection rate: 6/40 (15.00%).
Countermeasures
Terminate the following processes:
- plugin.exe
- watcher.exe
Delete the Media folder located at C:\Documents and Settings\All Users\Media
Delete the following registry value (Module) from the Run key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Module > c:\documents and settings\all users\media\plugin.exe
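The countermeasures above as one PowerShell script, as an added example that is not part of the original post. It assumes PowerShell 4.0 or later and that it runs in the affected user's session; the parameter name `MediaDir`, the path-prefix checks and the file report are this example's additions.

```powershell
# Added example: removes the artifacts listed in the countermeasures above.
# Run in the affected user's session (the Run value is under HKCU).
# -WhatIf gives a dry run: the preference propagates to the cmdlets below.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed parameter name; the default is the folder named in the post.
    [string]$MediaDir = 'C:\Documents and Settings\All Users\Media'
)

$knownMd5  = 'db836ddad526869bc750b62fbe36e936'   # MD5 quoted in the post
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Module'
$ci        = [System.StringComparison]::OrdinalIgnoreCase

# 1. Stop plugin.exe / watcher.exe, but only instances whose image lives in the
#    Media folder, so an unrelated program with the same name is left alone.
Get-Process -Name 'plugin', 'watcher' -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path.StartsWith($MediaDir, $ci) } |
    Stop-Process -Force

# 2. Remove only the "Module" value, and only if its data points into the
#    Media folder. The Run key and other autostart entries stay untouched.
$run = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    $target = "$($run.$valueName)".Trim('"')
    if ($target.StartsWith($MediaDir, $ci)) {
        Remove-ItemProperty -Path $runKey -Name $valueName
    } else {
        Write-Warning "Run value '$valueName' points to '$target'; left in place."
    }
}

# 3. Record what is in the folder (path, size, MD5), then delete it.
if (Test-Path -LiteralPath $MediaDir) {
    Get-ChildItem -LiteralPath $MediaDir -Recurse -Force -File | ForEach-Object {
        $md5 = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash.ToLower()
        [pscustomobject]@{
            File        = $_.FullName
            Bytes       = $_.Length
            MD5         = $md5
            MatchesPost = ($md5 -eq $knownMd5)
        }
    }
    Remove-Item -LiteralPath $MediaDir -Recurse -Force
}
```

A file whose `MatchesPost` is false may still belong to the same family, since a repacked sample will not share the MD5 quoted above.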
1 comment:
Hi,
Last night my friend got an infection on his system and it is the same as mentioned above. It's from pornhub.com and uses a different language. I have no control of the system, I mean the image appears on top of any window. What to do? Any help appreciated.
Thanks,
Karan
Location: India