The criminals behind Rogueware attacks are becoming increasingly aggressive in their approach to making money. We recently stumbled across a sample (Adware/TotalSecurity2009) which uses a ransomware technique to improve its sales. Once the computer becomes infected, Total Security forces the victim to purchase it before it will allow any files on the system to be accessed. When the victim attempts to open a file, a message pops up in the notification area claiming that the application was blocked due to infection. The pop-up recommends activating the "antivirus" software, which costs $79.95.

This would be a devastating blow to any user and would likely force the victim to purchase it, so we went ahead and cracked the sample to reveal all of the valid serial numbers. We're hoping that victims can find this blog post before shelling out any hard-earned cash to these criminals.

Valid serials for Adware/TotalSecurity2009:

WNDS-TGN15-RFF29-AASDJ-ASD65
WNDS-U94KO-LF4G4-1V8S1-2CRFE
WNDS-6W954-FX65B-41VDF-8G4JI
WNDS-G84H6-S854F-79ZA8-W4ERS
WNDS-TTUYJ-7UO54-G561H-J1D6F
WNDS-A1SDF-6AS4D-RF5RE-79G84
WNDS-A1SDF-RY4E8-7U98D-F1GB2
WNDS-5SRTS-AEHUF-YA54S-D6F35
WNDS-P9685-4H41A-DSW3A-2R64T
WNDS-2AE32-1VFC2-B6894-G67YU
WNDS-4TS8R-D6F5D-4JH8T-U4JK5
WNDS-FGS5D-649RG-4S53D-412SF
WNDS-452S3-ER00F-TSE35-S8FSD
WNDS-SERFH-2642S-F04SD-64FG1
WNDS-F40SA-1ER5H-4FG5D-F8412
WNDS-5D1V2-XB0D5-JT1TY-97DS3
WNDS-4BGY2-JY4KO-IT98Y-7HJ43
WNDS-G8FB6-1V87S-DRT1S-63SRG
WNDS-HFVDR-9844O-U54DA-5TBSC
WNDS-89OF7-7324R-5SAD4-TG68U
WNDS-JUYH3-24GHJ-HGKSH-FKLSD

You can download a free trial to completely remove the infection once the ransomware feature is removed.

Special thanks to Sherab Giovannini for extracting the serials.
Posted under Malware Alerts
This post was written by Ted on December 18, 2009
