Beware of 'child porn' Computer virus

germany ransomware digital extortion trend micro

21 replies to this topic

#1 Hum

Hum

    totally wAcKed

  • 62,646 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 02 February 2013 - 01:30

German federal police are warning about a computer virus that accuses victims of viewing "juvenile pornography".

It also displays an image that it claims reveals images of child sexual abuse have been viewed on a computer.

The Windows virus locks a computer and only returns control to its owner on payment of a 100 euro (£86) fine.

It purports to be collecting cash on behalf of German copyright authorities and the country's national computer security agency.

The virus amounted to "digital extortion" and victims should not pay up, said German police.

The warning about the novel strain of ransomware was issued by Germany's Federal Criminal police office (the Bundeskriminalamt or BKA).

The ransomware version found by the BKA uses a pop-up window that says the machine has been locked down due to "unauthorised network activity". The window is crafted to look like it has been put together by Germany's Federal Office for Information Security (BKI) and its society for prosecution of copyright infringement (GVU).

Text in the window claims that images of child sexual abuse as well as pirated content have been found on the machine. Also displayed is a picture of a child which it claims reveals illegal images have been viewed.

Rik Ferguson, director of security research at Trend Micro, said it was the first time he had heard of ransomware displaying images that users were accused of harbouring.

more


#2 1941

1941

    Banned

  • 18,175 posts
  • Joined: 17-July 06

Posted 02 February 2013 - 01:34

I do not go to such sites so I am not worried.

#3 carmatic

carmatic

    oh cool i can change my member title

  • 6,024 posts
  • Joined: 03-July 04

Posted 02 February 2013 - 01:38

maybe somewhere in the source code there is an ASCII pedo bear ....

#4 Original Poster

Original Poster

    C++ n00b

  • 2,968 posts
  • Joined: 15-July 08
  • Location: my room
  • OS: windows 7, backtrack 5, OSx 10.6

Posted 02 February 2013 - 01:40

I removed a similar virus for a neighbor last year.... all you do is safe mode + roll back... fixed

#5 OP Hum

Hum

    totally wAcKed

  • 62,646 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 02 February 2013 - 01:43

For less than that silly ransom, I could install a new hard drive. :laugh:

#6 compl3x

compl3x

    Feels good, dunnit?

  • 8,172 posts
  • Joined: 06-December 09
  • Location: Melbourne, Australia
  • OS: Windows 7
  • Phone: Samsung Galaxy S4

Posted 02 February 2013 - 01:50

For less than that silly ransom, I could install a new hard drive. :laugh:


I guess you have to appreciate this would terrify non-tech savvy users.

#7 Aheer.R.S.

Aheer.R.S.

    I cannot Teach Him, the Boy has no Patience!

  • 11,530 posts
  • Joined: 15-October 10

Posted 02 February 2013 - 02:25

Spybot's good at getting rid of these things too
(Hasn't let me down yet, but then I have back up removers too)

#8 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 02 February 2013 - 03:14

Yeah, a friend of mine got something similar last week. Took only a few minutes to clean but he was terrified. Thought his computer was full of viruses and he was going to have to pay to fix it.

#9 G_0

G_0

    Neowinian

  • 322 posts
  • Joined: 01-May 02

Posted 02 February 2013 - 14:52

This is not anything new. It's actually extremely easy to clean out also. The problem with this attack and other variants is that there is a very high likelihood that saved credentials are being stolen (log on and credit info from websites). If anyone needs help cleaning you can send me a PM, but really there are tons of tools that will do it for you. What you should be concerned about is your information.

#10 I am Reid

I am Reid

    Neowinian Senior

  • 4,409 posts
  • Joined: 03-November 05
  • Location: Columbus, Ohio

Posted 03 February 2013 - 05:45

Yeah, I've also had to fix quite a few computers over the last few months with this one. It does a pretty good job at completely locking out the victim though, so I could see why it scares people. Pretty much nothing works short of rebooting into safe mode; from there it's easy, but it for sure gives people a good scare.

#11 *RedBull*

*RedBull*

    skippy de do da

  • 4,640 posts
  • Joined: 30-March 06
  • Location: Everywhere and No where
  • OS: Windows 8 professional
  • Phone: Android

Posted 03 February 2013 - 07:18

I will beware of child porn from here on out!! Thanks for the warning. That was close. Too close... :s

#12 OP Hum

Hum

    totally wAcKed

  • 62,646 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 04 February 2013 - 00:14

Yeah, a friend of mine got something similar last week. Took only a few minutes to clean but he was terrified. Thought his computer was full of viruses and he was going to have to pay to fix it.


So how did you fix it ?

I will beware of child porn from here on out!! Thanks for the warning. That was close. Too close... :s


I don't think people were visiting poRn sites at all -- but other questionable warez/pirate sites.


Here's an interesting article on ransomware:

http://blogs.technet...07/3543763.aspx

#13 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 04 February 2013 - 00:43

So how did you fix it ?


I started Windows in safe mode and ran rkill. I then ran spybot to make sure I got it.

#14 OP Hum

Hum

    totally wAcKed

  • 62,646 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 04 February 2013 - 00:48

^ Is rkill part of Windows 7 Defender ... ?

I've always started the Task Manager as fast as possible, saw and stopped the bad process, then Deleted the .exe proggy.


Symantec provides a free tool, Norton Power Eraser, that seeks out and destroys ransomware and other forms of "scareware," like fake antivirus software.

#15 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 04 February 2013 - 00:58

^ Is rkill part of Windows 7 Defender ... ?


No. You can find it here:

http://www.bleepingc...download/rkill/