Unlike previous "kidnapping" malicious codes that only have the ability to 'kidnap' data, the Delf.ctk Trojan is equipped with the ability to lock up all infected PCs. If you don't accept the $ 35 ransom, users won't be able to use the PC anymore.
The infected PC user Delf.ctk will see a fake full screen message as created by the Windows operating system with the following content: ' Error.The license to use Browser Security and Antiadware Software has expired.Without this software, when you visit adult content websites, you will face the risk of being infected with malware . '
Virus appears to extort users Picture 1 The fake notification window asks the user to accept to activate the new account. If you agree, the user will be redirected to the next window giving instructions on how to make a call to a US phone number and enter the account PIN. If the phone number does not work, the user will receive instructions to dial another phone number.
After the Delf.ctk Trojan successfully breaks, the entire system will be locked. The only way for users is to call the phone number above and pay the ransom.
Alex Eckelberry - CEO of Sunbelt Software - said that the last visit to the phone number mentioned in the above announcement Sunbelt Software found that the phone number is related to Passwordtwoenter.com - the service bar Maths are often used by pornographic websites to charge visitors.
Passwordtwoenter.com payment gateway is registered and owned by Global Voice SA. Representatives of the company declined to comment on the information.