21 replies to this topic

[Hum]

German federal police are warning about a computer virus that accuses victims of viewing "juvenile pornography".

It also displays an image that it claims reveals images of child sexual abuse have been viewed on a computer.

The Windows virus locks a computer and only returns control to its owner on payment of a 100 euro (£86) fine.

It purports to be collecting cash on behalf of German copyright authorities and the country's national computer security agency.

The virus amounted to "digital extortion" and victims should not pay up, said German police.

The warning about the novel strain of ransomware was issued by Germany's Federal Criminal police office (the Bundeskriminalamt or BKA).

The ransomware version found by the BKA uses a pop-up window that says the machine has been locked down due to "unauthorised network activity". The window is crafted to look like it has been put together by Germany's Federal Office for Information Security (BKI) and its society for prosecution of copyright infringement (GVU).

Text in the window claims that images of child sexual abuse as well as pirated content have been found on the machine. Also displayed is an picture of a child which it claims reveals illegal images have been viewed.

Rik Ferguson, director of security research at Trend Micro, said it was the first time he had heard of ransomware displaying images that users were accused of harbouring.

more

[1941]

I do not go to such sites so I am not worried.

[carmatic]

maybe somewhere in the source code there is an ASCII pedo bear ....

[SPEhosting]

I removed a simular virus for a neighbor last year.... all you do is safe mode + roll back... fixed

[Hum]

For less than that silly ransom, I could install a new hard drive.

[compl3x]

Hum, on 02 February 2013 - 01:43, said:

For less than that silly ransom, I could install a new hard drive.

I guess you have to appreciate this would terrify non-tech savvy users.

[Dushmany]

Spybot's good at getting rid of these things too
(Hasn't let me down yet, but then I have back up removers too)

[Growled]

Yeah, a friend of mine got something similar last week. Took only a few minutes to clean but he was terrified. Thought his computer was full of viruses and he was going to have to pay to fix it.

[G_0]

This is not anything new. It's actually extremely easy to clean out also. The problem with this attack and other variants is that there is a very high likelyhood that saved credentials are being stolen (log on and credit info from websites). If anyone needs help cleaning you can send me a PM but really there are tons of tools that will do it for you, what you should be concerned about is your information.

[I am Reid]

yea ive also had to fix quite a few computers over the last few months with this one. It does a pretty good job at completely locking out the victim though, so I could see why it scares people, pretty much nothing works short of rebooting into safemode, from there its easy, but it for sure gives people a good scare.

[*RedBull*]

I will beware of child porn from here on out!! Thanks for the warning. That was close. Too close...

[Hum]

Growled, on 02 February 2013 - 03:14, said:

Yeah, a friend of mine got something similar last week. Took only a few minutes to clean but he was terrified. Thought his computer was full of viruses and he was going to have to pay to fix it.

So how did you fix it ?

*RedBull*, on 03 February 2013 - 07:18, said:

I will beware of child porn from here on out!! Thanks for the warning. That was close. Too close...

I don't think people were visiting poRn sites at all -- but other questionable warez/pirate sites.


Here's an interesting article on ransomware:

http://blogs.technet...07/3543763.aspx

[Growled]

Hum, on 04 February 2013 - 00:14, said:

So how did you fix it ?

I started Windows in safe mode and ran rkill. I then ran spybot to make sure I got it.

[Hum]

^ Is rkill part of Windows 7 Defender ... ?

I've always started the Task Manager as fast as possible, saw and stopped the bad process, then Deleted the .exe proggy.


Symantec provides a free tool, Norton Power Eraser, that seeks out and destroys ransomware and other forms of "scareware," like fake antivirus software.

[Growled]

Hum, on 04 February 2013 - 00:48, said:

^ Is rkill part of Windows 7 Defender ... ?

No. You can find it here:

http://www.bleepingc...download/rkill/