Monday, December 31, 2007

Trojan delivers pay-by-phone extortion

After infection by this Trojan, you’re completely locked out of the system.

You get this screen, which takes over your entire desktop:


Hijack_900_number


Click on “Click to activate new license” and you get this screen:


Hijack_900_number2


It turns out it’s coming from a website, from which I’ve posted the same screens below:


Securitycenter1324812388


Different countries have different numbers. For example, here is the UK:


Securitycenter1324812388ab


And here is France:


Securitycenter1324812388ac


Incidentally, a search on the US 900 number shows the first link as passwordtwoenter com, which shares an IP with a number of other similar sites:


p2e com
chargemybill com
chargemyphonebill com
password2enter com
passwordtoenter com
passwordtwoenter com
phonetoenter com
pin2enter com
pintoenter com
pintwoenter com
ptwoe com


Apparently, this is a payment processor that’s now being used for malware, whether they know it or not.


Alex Eckelberry
(thanks Adam Thomas and Patrick Jordan)

Update: Pay-by-phone processor cancels account. More here.