Date: 2010-04-16

BBC News reports that a new virus is making the rounds that will hold the infected user's browser history up for ransom. The Japanese trojan virus first appeared on Winni, a popular file-sharing service which has up to 200 million users. Currently it's targeting specific users downloading illegal games based on Hentai (anime porn).

Called Kenzero, the virus masquerades as a game installation screen. After acquiring personal information supplied by the would-be gamer, the virus then secretly scans the browser history and uploads the entire list, along with the user's name, onto a public website. The infected user then receives an email or pop-up window demanding a $15 credit card payment to "settle your violation of copyright law." Payment supposedly removes the browser history from the public webpage, and unlocks files encrypted by the virus.

Trend Micro said that it is currently investigating the situation. According to Rik Ferguson, senior security advisor at Trend Micro, the website is owned by a shell company called Romancing Inc.; however, the creator of the page, Shoen Overns, is fictitious. "We've seen the name before in association with the Zeus and Koobface trojans," he said. "It is an established criminal gang that is continuously involved in this sort of activity."

Ferguson went on to classify the virus as "ransomware." It works by encrypting files on the infected computer, namely documents, pictures, and music. Infected users are forced to hand over the ransom money in exchange for a decryption key. Ferguson added that the virus is also claiming victims in Europe using a different approach. Currently there are no signs of Kenzero making its way into the States.

Thankfully the virus isn't all that serious. "If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," he said. He did not offer any advice with regard to decrypting files.

