New malware accuses users of violating IP, downloading illegal porn, extorts money

In the world of malware, ransomware is the worst and nastiest kind of bug known to man. For those not in the loop, ransomware basically does what it sounds like – it holds your PC ransom (usually by hiding your files in encrypted folders) until you give in to the attackers’ demands, much like a kidnapper would in real life. There have been several cases of this kind of virus floating around the net, but the one spotted by Roman Hussy from abuse.ch certainly takes the cake as far as deviousness is concerned.

The malware locks your PC and displays the image above, though there are slight variations on the theme, with different images used for the different countries targeted (U.K., Switzerland, Germany, Austria, France and the Netherlands). The gist is that the malware accuses the user of violating IP rights, saying that protected material was found on the infected PC and that the PC has been locked to prevent further damage. “To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of £50 (Php 3,386),” the sign says.

The malware then tells users to pay the release fee using Paysafecard, a prepaid payment card that’s offered in European countries and some parts of the US, and even gives instructions on how to get a Paysafecard if users don’t have one. Hussy has noted that he has already seen an earlier version of this particular malware, one that accused users of downloading illegal pornographic material onto their PCs. Hussy says that users get infected by visiting websites infected with the Blackhole exploit kit. The kit tries a number of exploits on a PC and, when one is successful, the malware is downloaded onto the victim’s PC.

Aside from extorting money from users, the malware also contains a component called Aldi Bot, which steals personal and financial information and conducts DoS (denial-of-service) attacks on websites. As of this writing, Hussy says that only 4 of the 42 security products on VirusTotal can detect the malware.

Source: abuse.ch