Porn Virus Holds Browser History at Ransom
This virus encrypts your files and demands a fee for the decryption key.
BBC News reports that a new virus is making the rounds that will hold the infected user's browser history for ransom. The Japanese trojan virus first appeared on Winni, a popular file-sharing service which has up to 200 million users. Currently it's targeting specific users downloading illegal games based on Hentai (anime porn).
Called Kenzero, the virus masquerades as a game installation screen. After acquiring personal information supplied by the would-be gamer, the virus secretly scans the browser history and uploads the entire list--along with the user's name--onto a public website. The infected user then receives an email or pop-up window demanding a $15 credit card payment to "settle your violation of copyright law." Payment supposedly removes the browser history from the public webpage and unlocks files encrypted by the virus.
Trend Micro said that it is currently investigating the situation. According to Rik Ferguson, senior security advisor at Trend Micro, the website is owned by a shell company called Romancing Inc.; however, the creator of the page--Shoen Overns--is fictitious. "We've seen the name before in association with the Zeus and Koobface trojans," he said. "It is an established criminal gang that is continuously involved in this sort of activity."
Ferguson went on to classify the virus as "ransomware." It works by encrypting files on the infected computer, namely documents, pictures, and music. Infected users are forced to hand over the ransom money in exchange for a decryption key. Ferguson added that the virus is also claiming victims in Europe using a different approach. Currently there are no signs of Kenzero making its way into the States.
Thankfully the virus isn't all that serious. "If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," he said. He did not offer any advice regarding decrypting files.
In an unrelated case, the RIAA and MPAA demanded on Thursday that the American government develop similar software; however, rather than request funds in compensation for pirating music and movies, the RIAA and MPAA want the files deleted from users' hard drives instead.
Nope, they weren't playing Crysis
So, just curious, if you pay the funds, does the key actually work? By the way, if you do pay the $15 dollars, where do you pay it to? Can't that be tracked?
A really good way of testing crap that you download from P2P networks (or anywhere else for that matter) is called Sandboxie (www.sandboxie.com). It's free and easy to use. What it does is create a virtual environment in which to run applications. This is great to do if you want to surf pron and other questionable websites which are known to infect your computer just by going there. Because the browser runs in a virtualized memory space, any infection happens in the virtualized environment. Once you close it, the environment goes away along with any malware. If you download something and want to see if it is legit or a virus, you just right-click the install file and select "Run Sandboxed" and it will run the install in a virtualized environment. If you discover that the program is a trojan, you close the sandbox and it all goes away.
I've always wondered how people planned to get away with extortion like this. Mail money to my P.O. box, give me a credit card payment, etc.. etc.. All that is traceable (and Credit Card payments more so), so how do they plan to get away with this? Or are they just in it to harass poor, copyright infringing perverts?
And if you needed another reason to purge your browsing history more often, here it is.
While Virus writers do disgust me, the RIAA/MPAA proposal is even more vomit-inducing, nice tie-in Kevin.
People actually watch animated porn? That's a turn on?
Amateurs!
I was thinking the same thing. There are places where you can set up numbered accounts for accepting wire transfers, but they usually only deal with large transfers (6 digits at a minimum). Even then, it's not completely untraceable.
They don't charge the credit card, they just steal the information of the card. That's the real idea behind the scam.
it's 'porn' not 'pron' - and if the word can't be used on some sites, try pornography, or pornographic material - then it won't be tagged. "Pron" just seems so ten years ago...
the RIAA and MPAA can suck my Trojan.
Fuck RIAA and MPAA, they should get banned from life but then again they have none. How can you kill those who have no life?
Don't tell me you didn't find Babs Bunny hot in Space Jam!
=/
Just say no to animated schoolgirls rape by tentacles.
nahhh.....now Jessica Rabbit on the other hand...hmmmm
Wow, talk about being out of touch with the intawebs.
Now that, is just messed up

Sorry buddy, I don't even know what intawebs is. Is it an emo thing?
This is sad.
You can always rely on the Japanese for weird stuffs like this
Really animated porn is interesting sometimes because it has a story. Sometimes the story is worth watching, but I stopped watching hentai (a long time ago) when I noticed that literally every video was based on rape. Good thing this virus is out (I can't believe I just said that)
The article title tricked me. I thought the virus would send an email to everyone showing the porn websites you went to unless given money. lol... that would've been a better trick imo.
They have hentai movies about rape in every form you can imagine, not to mention inventing the whole lolicon genre... yet they have lower rates of both sexual violence and child sexual abuse than the U.S. and many European countries. I guess prurient movies and video games DON'T cause deviant behavior after all.
A really good way of testing crap that you download from P2P networks (or anywhere else for that matter) is called Sandboxie (www.sandboxie.com). It's free and easy to use. What it does is create a virtual environment in which to run applications. This is great to do if you want to surf pron and other questionable websites which are known to infect your computer just by going there. Because the browser runs in a virtualized memory space, any infection happens in the virtualized environment. Once you close it, the environment goes away along with any malware. If you download something and want to see if it is legit or a virus, you just right-click the install file and select "Run Sandboxed" and it will run the install in a virtualized environment. If you discover that the program is a trojan, you close the sandbox and it all goes away.
Can anyone else vouch for this? I feel as though, even though it's a virtual space it still has the ability to linger in the RAM and come back out and attack you.
A virus doesn't work that way. You're trying to equate it with what a biological organism might do. A computer virus is nothing more than a computer program designed to do something malicious and attempt to obfuscate its presence. In the case of a Windows virus, they will infect system files, create copies in various directories and modify the registry to make certain the virus is always loaded in the boot sequence. And then, of course, it will do whatever malicious stuff it was programmed to do (such as steal your browser history and encrypt your music and video files).
A program like Sandboxie sets up a virtual environment in memory. The only thing that comes out is the video output. The virus will enter the virtual environment and attempt to do all of the stuff it was programmed to do. Of course, there are no system files to affect and no registry to modify, so it really can't do much of anything. And, like any other computer program that encounters a condition it doesn't have a response to, it does nothing at all. When the program is closed, the memory allocated for virtualization is released and available for use by the system again. As far as the computer is concerned, that memory is empty, even though data remnants remain. This is just like when you delete a file from your hard drive. And just as your computer doesn't attempt to run anything in an area of your hard drive that it believes is blank, it will not attempt to execute something in an area of memory that is marked as unallocated.
I know that was kind of long, but I hope it addresses your concerns.
It does, thank you. I guess I just am failing to understand because there are viruses that sort of take place in the temporary internet files folder and will not be considered "gone" even though you have removed it completely. I just assumed it did the same concept, but that is an interesting program I never thought of that approach. Is there no way for the virus to recognize that the allocated virtual space is indeed a virtual space and not the system?
You have to remember, just because you download an infected file, doesn't mean your system is compromised. Like any computer program, it needs to be executed to do anything. That's why using browser exploits and runtime scripts on porn sites is so effective. The program is being run on your computer, often without your knowledge.
As to your last question, I'm sure a clever programmer could write a virus that could "break out" of a virtualized environment. But viruses are typically made to be as small as possible. The more logic you build into them, the larger they get. Also, people who create and distribute malware are typically going after the low-hanging fruit. There are plenty of people who don't have anti-malware software installed (or updated), so they make easy and convenient targets. Just like the person who puts bars on their windows and doors... a determined burglar could still get in if they wanted to, but why bother when your neighbors have no bars and, look at that, they left a window open.
This is exactly what I would have thought of.
This is hilarious!