By now we have all heard of ransomware: malware that encrypts your files or locks down your computer and demands a random amount, to be paid within a specified time, to unlock it.
Emsisoft has detected a new piece of malware called “Linkup”, detected as “Trojan-Ransom.Win32.Linkup”, that doesn’t lock your computer or encrypt files; rather, it blocks your Internet access by modifying the DNS settings, and it can turn your computer into a Bitcoin mining robot. Sounds interesting!
Once the Linkup Trojan is installed on your system and has been executed, it makes a copy of itself and disables selected Windows Security and Firewall services to facilitate the infection. The poisoned DNS servers allow only the malware to communicate with the Internet.
It then displays a bogus notification on the victim's screen, purportedly from the Council of Europe, that accuses you of viewing “Child Pornography” and promises to restore Internet access only on payment of a £0.01 (Euro) fine.
It is unconfirmed whether the malware restores Internet access after the ransom is paid, but the promise is most likely a blatant lie. The ransom is supposed to be paid by credit card, along with the submission of your personal information, including your name, DOB and city.
In addition to blocking your Internet access, the Linkup malware also attempts to download and install other malware that connects your computer to a Bitcoin mining botnet, which can combine the computing power of multiple infected computers to earn new Bitcoins for whoever is behind the attack.
Emsisoft has a detailed explanation of how the malware works on its site:
“This combination of ransomware and Bitcoin mining is a new and fascinating development. At this point, however, its functionality is still quite limited as the downloaded jhProtominer only works on 64-bit operating systems. In time, it will be interesting to see if Linkup is modified to download more flexible variants.”
If your computer has been infected, do not pay the ransom or submit any personal information; instead, you can install 'Emsisoft Anti-Malware' to remove the malware and restore the DNS settings to default.
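To check a Windows host for the two changes described above (altered DNS settings and disabled security services), the following PowerShell audit is an added example, not code from Emsisoft or the original article. The resolver addresses are constructed placeholders, and because the article does not name the affected services, the standard Windows Firewall (MpsSvc) and Security Center (wscsvc) service names are assumed.

```powershell
# Added example: audit DNS resolvers and security services on a Windows host.
param(
    # Assumption: replace with the resolvers your network actually hands out.
    [string[]]$ExpectedDns = @('192.0.2.53', '192.0.2.54'),
    # Assumption: the article does not list the services; these are the
    # built-in Windows Firewall and Security Center services.
    [string[]]$Services = @('MpsSvc', 'wscsvc')
)

function Get-UnexpectedDns {
    param([string[]]$Allowed)
    # One result per interface that has at least one resolver outside the allowlist.
    foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
        $bad = @($nic.ServerAddresses | Where-Object { $_ -notin $Allowed })
        if ($bad.Count -gt 0) {
            [pscustomobject]@{
                InterfaceAlias = $nic.InterfaceAlias
                InterfaceIndex = $nic.InterfaceIndex
                Unexpected     = $bad -join ', '
            }
        }
    }
}

function Get-ImpairedSecurityService {
    param([string[]]$Names)
    # A stopped or disabled firewall/Security Center service is worth investigating.
    Get-Service -Name $Names -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -ne 'Running' -or $_.StartType -eq 'Disabled' } |
        Select-Object Name, DisplayName, Status, StartType
}

$dnsFindings = @(Get-UnexpectedDns -Allowed $ExpectedDns)
$svcFindings = @(Get-ImpairedSecurityService -Names $Services)

if ($dnsFindings.Count -eq 0 -and $svcFindings.Count -eq 0) {
    Write-Output 'No unexpected DNS servers or impaired security services found.'
} else {
    $dnsFindings | Format-Table -AutoSize
    $svcFindings | Format-Table -AutoSize
    # After the malware is removed, reset an interface to its DHCP-assigned resolvers:
    #   Set-DnsClientServerAddress -InterfaceIndex <index> -ResetServerAddresses
}
```

Run it from an elevated PowerShell prompt; a clean result does not prove the host is uninfected, so treat it as a triage check alongside a full anti-malware scan.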
http://thehackernews.com/2014/02/linkup-first-ransomware-trojan-that.html