Just a heads up

Mountain Crown

The Living Force
[quote author=BBC News]Porn virus blackmails its victims

A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal.

The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people.

It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime.

Website Yomiuri claims that 5500 people have so far admitted to being infected.

The virus, known as Kenzero, is being monitored by web security firm Trend Micro in Japan.

Masquerading as a game installation screen, it requests the PC owner's personal details.

It then takes screengrabs of the user's web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to "settle your violation of copyright law" and remove the webpage.

Held to ransom

The website that the history is published on is owned by a shell company called Romancing Inc. It is registered to a fictitious individual called Shoen Overns.

"We've seen the name before in association with the Zeus and Koobface trojans. It is an established criminal gang that is continuously involved in this sort of activity," said Rik Ferguson, senior security advisor at Trend Micro.

Kenzero is a twist on ransomware, he added, which infects a computer and encrypts the documents, pictures and music stored on it, before demanding a fee for a decryption key.

"Interestingly we've seen a separate incident that focuses on European victims," he said.

A fictitious organization calling itself the ICPP copyright foundation issues threatening pop-ups and letters after a virus searches the computer hard drive for illegal content - regardless of whether it actually finds anything.

It offers a "pretrial settlement" fine of $400 (£258) payable by credit card, and warns of costly court cases and even jail sentences if the victim ignores the notice.

However rather than take the money, the outfit sells on the credit card details, said Mr Ferguson.

"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," was his advice.

"And if there's online content that you want to get hold of, get it from a reputable website - if that means paying that's what you have to do."

Story from BBC NEWS:
_http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8622665.stm[/quote]
 
Well, they are overreacting again, to score a few points for the security industry.
First of all, BBC wrote it's the WINNI file sharing program; I have never ever heard of it, so it's a minor p2p and limited-to-Japan software.
Can't be surprised that I've never heard of it since it's Winny p2p NOT Winni, even though I never heard anyone in Europe or the States is using it.

Here are 2 other articles :

src:__http://www.v3.co.uk/v3/news/2261519/complex-malware-uses-copyright

A new Trojan which threatens to post the internet history of infected users is spreading from Japan, according to Trend Micro.

The Kenzero Trojan masquerades as a download for an adult Hentai computer game, primarily shared on the popular Japanese Winny P2P network. Once downloaded the malware opens a registration screen for the game demanding personal information while scanning the computer's user account, domain and computer name, OS version, clipboard content, file use history and Internet Explorer favourites.

The malware then publishes all the data on a public web site and sends the victim an email from shell company Romancing, Inc. (which owns the domain publishing the personal data) accusing them of copyright theft and threatening a court case if damages are not forthcoming.

“I would go so far as to say that the Japanese attack linking name & shame, pornography and threats of legal action is the first of its kind,” Rik Ferguson, senior security advisor at Trend Micro told V3.co.uk.

So far 5,500 people have admitted to being caught out in the scam, according to local paper Yomiuri Shimbun, with an unknown number paying out the $10 copyright infringement fee the malware demanded for the removal of the personal data.

Interestingly the Trojan also downloads three MP3 tracks onto the host computer, which are listed on a separate web site as being worth over $500,000. It is possible that if the initial fee was paid the victims would have more demands made on them.

Such unusually complex attacks are rare in malware but are becoming increasingly common. Earlier this week a similar attack was spotted in Europe by researcher Dancho Danchev. There, a fictitious ICPP Foundation made demands of $400 for copyright infringement.

“The [European] malware was only similar in modus operandi not at a code level so the probability of this being born of a commercial malware kit is very low, but you know, given how cybercrime inexorably moves ever closer to a niche based service economy if we were to see a builder of this nature surface it wouldn't surprise me!” Ferguson concluded.


src:__http://www.theregister.co.uk/2010/04/16/smut_malware_shakedown/

A Trojan circulating in Japan seeks to extort money from shame-faced fans of hentai-themed games.

Those who download illegal copies of "over 18" hentai-themed games from file sharing networks are liable to wind up with a nasty surprise, Trend Micro warns.


Some bogus files posing as games from Abel software attempt to trick victims into handing over personal information as part of a supposed game registration process. Meanwhile, in the background, the malware is collecting information on the victim's computer including domain, OS version, file use history and IE favourites.

Screenshots from a prospective mark's PC are also obtained. This data is then published on a publicly-viewable website before victims receive an email pointing them towards the incriminating content from Romancing Inc, which also maintains the domain hosting the incriminating data.

The email offers to resolve the “copyright infringement” and remove incriminating (and potentially embarrassing) information in exchange for a fee.

Trend Micro notes that the Trojan forming the centrepiece of the attack drops MP3 files on a victim's machine that are elsewhere offered for sale online at an extortionate price of hundreds of thousands of dollars.

Security researcher Rik Ferguson writes: "Could it be that once a victim has shown themselves to be extortion-friendly they will get hit with yet another 'copyright infringement' notice from Romancing Inc? Japanese copyright law was strengthened this year largely in an attempt to address the problem of illegal downloading.

"This is certainly another illustration of why, in the long run, you may well be better off paying up front for your downloads and steering clear of file-sharing networks."

Previous scams along the same lines have claimed to be FBI notices of copyright infringement. The Hentai-themed ruse goes further by publicly shaming prospective marks before hitting them with extortionate demands.

More on the web-based smut shakedown can be found in a blog posting by Trend Micro here. ®
 