Thursday, April 15, 2010

Kenzero: Viral Blackmail

A new Japanese trojan horse records Winni users' web activity, then threatens to publish it if the users do not pay a fee! According to some sources, over 5000 people have admitted to infection. Winni is a file-sharing service thought to be used by some 200m+ people.

Kenzero targets those who download hentai video games. Hentai is a specific type of porn native to Japan, but also popular in the Western world. The virus appears as an install screen, then records users' information. It records screen captures of their web usage, then sends a message telling them to pay $20 to "settle [the users'] violation of copyright law." The website to which the information is published is a shell company registered under a fake name.

Experts say this is just the latest twist in a new fad called "ransomware," and they suspect all of the instances are the work of the same criminal gang. Some other ransomware viruses encrypt documents and media files, then demands a fee to unlock them; others send pop-ups, claiming to have found illegal content on the user's computer and offering to settle it for a fee, but the user's credit card information is then sold online. Kenzero is similar to Zeus and Koobface, two other trojan horse ransomware viruses.

Experts suggest finding an online malware/AV site which can detect, and hopefully eliminate, these viruses. The Cyberculturalist suggests Trend-Micro's Housecall.

© C Harris Lynn, 2010

No comments: