War on Error

John E Dunn

Blackmail virus returns with browser threat

Japanese Kenzero malware issues threat we should take seriously.

If you browse websites you’d rather the world did not get to hear about, you don’t want to be infected by the Japanese Kenzero porn Trojan.

This is a crafty one. It copies the embarrassing browsing history of its victims to a website and then demands a ransom of around £10 ($15) to take it down from public view.

It first finds its way on to PCs via a sexually explicit Japanese anime program downloaded illegally from the Winny file-sharing service, before going through a bogus install routine that identifies the person by name and (one assumes) address. It then scoops up the browser history before sending a message that compounds this presumed embarrassment by pointing out that the user has installed illegal software.

Assuming a user’s browser history is that embarrassing, ouch. Luckily, this is not malware that poses much of a threat to the average computer user, but it holds within it a warning of sorts.

Ransom malware - malware that steals or locks/encrypts data in return for money - is one of the most obvious social engineering attacks imaginable, but since first appearing with Cryzip in 2006, there have been very few examples, and that’s because it has a small flaw. In order to be worth it, victims need a way of paying and that’s not always easy to set up.

Ideally, the criminals need an online account that can receive cash direct without an intermediary such as a credit card or bank, which might spot such transactions. Direct cash accounts (remember eGold?) tend to have poor reputations and are often blocked by default. Even when not blocked, scams need to generate their profit quickly and this is tricky to do when accounts can be closed down within days.

A second reason is that criminals found an easier way to generate money from the alert-threat technique: scareware, where users are manipulated into buying bogus antivirus software by claims that a machine is infected with a non-existent virus. That’s turned into a huge money-making industry because the user consents to installing rogue antivirus from apparently valid companies. The payments are less easy to spot and stop.

It seems plausible to me that the scareware industry could try out Kenzero-like techniques in the future. Rogue antivirus software captures enough data to identify real users, can easily steal browser or other data from a PC, and has a working means of taking the ransom that might not be quickly noticed.

An infected user could probably de-install the rogue antivirus using antivirus software, but what if the browsing history or other personal data such as emails had already been posted to a website? It’s higher risk for the criminals because it will be noticed more quickly, and would clearly fall foul of extortion and blackmail laws in most countries, but that wouldn’t necessarily worry east European gangs.

Browsers can be emptied after every session, file data can be encrypted, but the sort of people who use such features are probably not the sort the criminals are going after. The best defence is simply to have no embarrassing or personal data on a PC. So at least 10 percent of users have nothing to worry about then...

Perhaps last year's Vundo Trojan was a halfway house to this type of attack.





