War on Error

Blackmail virus returns with browser threat

If you browse websites you’d rather the world did not get to hear about, you don’t want to be infected by the Japanese Kenzero porn Trojan.

This is a crafty one. It copies the embarrassing browsing history of its victims to a website and then demands a ransom of around £10 ($15) to take it down from public view.

It first finds its way onto PCs via a sexually explicit Japanese anime program downloaded illegally from the Winny file-sharing service, then runs a bogus install routine that collects the user's name and (one assumes) address. It then scoops up the browser history and sends a message that adds to this presumed embarrassment the fact that the user has installed illegal software.

Assuming a user’s browser history is that embarrassing, ouch. Luckily, this is not malware that poses much of a threat to the average computer user, but it holds within it a warning of sorts.

Ransom malware, malware that steals or locks/encrypts data and demands money for its return, is one of the most obvious social engineering attacks imaginable, but since it first appeared with Cryzip in 2006 there have been very few examples, because the model has a practical weakness: for it to be worthwhile, victims need a way of paying, and that is not always easy to set up.

Ideally, the criminals need an online account that can receive cash direct without an intermediary such as a credit card or bank, which might spot such transactions. Direct cash accounts (remember eGold) tend to have poor reputations and are often blocked by default. Even when not blocked, scams need to generate their profit quickly and this is tricky to do when accounts can be closed down within days.

A second reason is that criminals found an easier way to make money from the alert-and-threaten technique: scareware, which manipulates users into buying bogus antivirus software by claiming that their machine is infected with a non-existent virus. That has turned into a huge money-making industry because the user consents to installing rogue antivirus from apparently legitimate companies, so the payments are harder to spot and stop.

It seems plausible to me that the scareware industry could try out Kenzero-like techniques in the future. Rogue antivirus software captures enough data to identify real users, can easily steal browser or other data from a PC, and has a working means of taking the ransom that might not be quickly noticed.

An infected user could probably uninstall the rogue antivirus using genuine antivirus software, but what if the browsing history or other personal data such as emails had already been posted to a website? It is higher risk for the criminals because it will be noticed more quickly, and it would clearly fall foul of extortion and blackmail laws in most countries, but that wouldn't necessarily worry east European gangs.

Browser histories can be cleared after every session and file data can be encrypted, but the sort of people who use such features are probably not the sort the criminals are going after. The best defence is simply to have no embarrassing or personal data on a PC. So at least 10 percent of users have nothing to worry about then...

Perhaps last year's Vundo Trojan was a halfway house to this type of attack.

Tags: malware, trojan, virus
