Porn virus blackmails its victims

2010-04-16 09:52:04

A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal.

The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people.

It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime.

Website Yomiuri claims that 5500 people have so far admitted to being infected.

The virus, known as Kenzero, is being monitored by web security firm Trend Micro in Japan.

Masquerading as a game installation screen, it requests the PC owner's personal details.

It then takes screengrabs of the user's web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to "settle your violation of copyright law" and remove the webpage.

Held to ransom

The website that the history is published on is owned by a shell company called Romancing Inc. It is registered to a fictitious individual called Shoen Overns.

"We've seen the name before in association with the Zeus and Koobface trojans. It is an established criminal gang that is continuously involved in this sort of activity," said Rik Ferguson, senior security advisor at Trend Micro.

Kenzero is a twist on ransomware, he added, which infects a computer and encrypts the documents, pictures and music stored on it, before demanding a fee for a decryption key.

"Interestingly we've seen a separate incident that focuses on European victims," he said.

A fictitious organization calling itself the ICPP copyright foundation issues threatening pop-ups and letters after a virus searches the computer hard drive for illegal content - regardless of whether it actually finds anything.

It offers a "pretrial settlement" fine of $400 (£258) payable by credit card, and warns of costly court cases and even jail sentences if the victim ignores the notice.

However, rather than take the money, the outfit sells on the credit card details, said Mr Ferguson.

"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," was his advice.

"And if there's online content that you want to get hold of, get it from a reputable website - if that means paying that's what you have to do."

Story from BBC NEWS:

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8622665.stm

Published: 2010/04/15 14:00:31 GMT