
Porn Virus Holds Browser History at Ransom

BBC News reports that a new virus is making the rounds that holds the infected user's browser history for ransom. The Japanese trojan virus first appeared on Winni, a popular file-sharing service which has up to 200 million users. Currently it's targeting specific users downloading illegal games based on Hentai (anime porn).

Called Kenzero, the virus masquerades as a game installation screen. After acquiring personal information supplied by the would-be gamer, the virus then secretly scans the browser history and uploads the entire list, along with the user's name, onto a public website. The infected user then receives an email or pop-up window demanding a $15 credit card payment to "settle your violation of copyright law." Payment supposedly removes the browser history from the public webpage and unlocks files encrypted by the virus.

Trend Micro said that it is currently investigating the situation. According to Rik Ferguson, senior security advisor at Trend Micro, the website is owned by a shell company called Romancing Inc.; however, the creator of the page, Shoen Overns, is fictitious. "We've seen the name before in association with the Zeus and Koobface trojans," he said. "It is an established criminal gang that is continuously involved in this sort of activity."

Ferguson went on to classify the virus as "ransomware." It works by encrypting files on the infected computer, namely documents, pictures, and music. Infected users are forced to hand over the ransom money in exchange for a decryption key. Ferguson added that the virus is also claiming victims in Europe using a different approach. Currently there are no signs of Kenzero making its way into the States.

Thankfully the virus isn't all that serious. "If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," he said. He did not offer any advice with regard to decrypting files.

In an unrelated case, the RIAA and MPAA demanded on Thursday that the American government develop similar software; however, rather than request funds in compensation for pirating music and movies, the RIAA and MPAA want the files deleted off user hard drives instead.

  • counselmancl
    Nope, they weren't playing Crysis
  • dreamphantom_1977
    So, just curious, if you pay the funds, does the key actually work? By the way, if you do pay the $15 dollars, where do you pay it to? Can't that be tracked?
  • jellico
    A really good way of testing crap that you download from P2P networks (or anywhere else for that matter) is called Sandboxie (www.sandboxie.com). It's free and easy to use. What it does is create a virtual environment in which to run applications. This is great to do if you want to surf pron and other questionable websites which are known to infect your computer just by going there. Because the browser runs in a virtualized memory space, any infection happens in the virtualized environment. Once you close it, the environment goes away along with any malware. If you download something and want to see if it is legit or a virus, you just right-click the install file and select "Run Sandboxed" and it will run the install in a virtualized environment. If you discover that the program is a trojan, you close the sandbox and it all goes away.
  • hellwig
    dreamphantom_1977 wrote: "So, just curious, if you pay the funds, does the key actually work? By the way, if you do pay the $15 dollars, where do you pay it to? Can't that be tracked?"

    I've always wondered how people planned to get away with extortion like this. Mail money to my P.O. box, give me a credit card payment, etc., etc. All that is traceable (and credit card payments more so), so how do they plan to get away with this? Or are they just in it to harass poor, copyright infringing perverts?

    And if you needed another reason to purge your browsing history more often, here it is.

    While Virus writers do disgust me, the RIAA/MPAA proposal is even more vomit-inducing, nice tie-in Kevin.
  • ta152h
    People actually watch animated porn? That's a turn on?

    Amateurs!
  • jellico
    hellwig wrote: "I've always wondered how people planned to get away with extortion like this. Mail money to my P.O. box, give me a credit card payment, etc., etc. All that is traceable (and credit card payments more so), so how do they plan to get away with this? Or are they just in it to harass poor, copyright infringing perverts? And if you needed another reason to purge your browsing history more often, here it is. While Virus writers do disgust me, the RIAA/MPAA proposal is even more vomit-inducing, nice tie-in Kevin."

    I was thinking the same thing. There are places where you can set up numbered accounts for accepting wire transfers, but they usually only deal with large transfers (6 digits at a minimum). Even then, it's not completely untraceable.
  • thrillhaus
    They don't charge the credit card, they just steal the information of the card. That's the real idea behind the scam.
  • omnimodis78
    it's 'porn' not 'pron' - and if the word can't be used on some sites, try pornography, or pornographic material - then it won't be tagged. "Pron" just seems so ten years ago...
  • xaira
    the RIAA and MPAA can suck my Trojan.
  • sliem
    Fuck RIAA and MPAA, they should get banned from life but then again they have none. How can you kill those who have no life?