Malware: Trojan:MSIL/Fakeinstaller.A and Trojan:Win32/Ransom Siphon Money Using the SMS

"A Trojan:MSIL/Fakeinstaller.A, which's smiliar to Trojan:Win32/Ransom, which seizes control of the computer by locking user's screen and then demanding a passcode from the user. The user receives passcode only after sending an SMS to a premium number. This particular sample of Trojan:MSIL/Fakeinstaller.A (SHA1: 5a888391750c0efefe9dfc7dd63ed5b78f603ef9) isn't as aggressive, but nonetheless racketeers by ripping some freely distributable […]

"A Trojan:MSIL/Fakeinstaller.A, which's smiliar to Trojan:Win32/Ransom, which seizes control of the computer by locking user's screen and then demanding a passcode from the user. The user receives passcode only after sending an SMS to a premium number. This particular sample of Trojan:MSIL/Fakeinstaller.A (SHA1: 5a888391750c0efefe9dfc7dd63ed5b78f603ef9) isn't as aggressive, but nonetheless racketeers by ripping some freely distributable app from Internet and then using that to gain profit, by prompting to SMS to a premium number, from which a reply is sent back with a code to unlock and install app.

It seems to have been purposely made for users residing in European countries than Russia (target of Trojan:Win32/Ransom). And, it uses a number of well-known app as the lure: Avast! Antivirus, DivX, eMule, and LimeWire," Microsoft.



[Source]