Windows Blocked

There’s been a lot of talk in the last couple of days about a large botnet announced by the folks over at Finjan. We detect the malware behind that network as Mal/Dropper-DL, which installs several more pieces of malware, including the usual raft of fake anti-malware software and the infamous Troj/Virtum-Gen, aka Virtumundo.

While I was looking into some of the related malware this morning, it blocked access to Windows and displayed a large warning message:

If your high-school Russian classes are just a distant memory, like mine, you’re probably wondering what that says. Thanks to one of the polyglots in the Vancouver lab we have a handy translation.

To unblock send an SMS
To number 3649
With Text :k2590620008
Enter the received code:
*Any action mimicking activation will result in data loss and computer violation

Yes, it’s yet another way for the bad guys to hold your data for ransom. Using SMS messaging to a premium-rate number is a nice easy way to collect your cash. However, if you’re a victim outside Russia, or you quite rightly don’t want to pay, you could have some trouble getting back to your data. Happily, the guys over at Dr. Web have produced a useful tool that figures out the unlock code for you.