2010-04-16 09:52:04
A new type of malware infects PCs using file-share sites and publishes the
user's net history on a public website before demanding a fee for its removal.
The Japanese trojan virus installs itself on computers using a popular
file-share service called Winni, used by up to 200m people.
It targets those downloading illegal copies of games in the Hentai genre, an
explicit form of anime.
Website Yomiuri claims that 5500 people have so far admitted to being infected.
The virus, known as Kenzero, is being monitored by web security firm Trend
Micro in Japan.
Masquerading as a game installation screen, it requests the PC owner's personal
details.
It then takes screengrabs of the user's web history and publishes it online in
their name, before sending an e-mail or pop-up screen demanding a credit card
payment of 1500 yen ( 10) to "settle your violation of copyright law" and
remove the webpage.
Held to ransom
The website that the history is published on is owned by a shell company called
Romancing Inc. It is registered to a fictitious individual called Shoen Overns.
"We've seen the name before in association with the Zeus and Koobface trojans.
It is an established criminal gang that is continuously involved in this sort
of activity," said Rik Ferguson, senior security advisor at Trend Micro.
Kenzero is a twist on ransomware, he added, which infects a computer and
encrypts the documents, pictures and music stored on it, before demanding a fee
for a decryption key.
"Interestingly we've seen a separate incident that focuses on European
victims," he said.
A fictitious organization calling itself the ICPP copyright foundation issues
threatening pop-ups and letters after a virus searches the computer hard drive
for illegal content - regardless of whether it actually finds anything.
It offers a "pretrial settlement" fine of $400 ( 258) payable by credit card,
and warns of costly court cases and even jail sentences if the victim ignores
the notice.
However rather than take the money, the outfit sells on the credit card
details, said Mr Ferguson.
"If you find you are getting pop-ups demanding payments to settle copyright
infringement lawsuits, ignore them and use a free online anti-malware scanner
immediately to check for malware," was his advice.
"And if there's online content that you want to get hold of, get it from a
reputable website - if that means paying that's what you have to do."
Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8622665.stm
Published: 2010/04/15 14:00:31 GMT