A new ransomware trojan variant with children pornography

We wrote about the ransomware trojan (aka BKA Trojan) and its new methods of blackmailing people to pay: claim in the name of an official institution that the user did something illegal, like storing children pornography pictures on his computer.

The new variant of the BKA trojan attempts to blackmail the owners of infected computers with four pornographic pictures of children (last version had only one picture). It pretends to come from the press office of the BKA.

Revoyem_DE_2013-05                            Revoyem_DE_2013-04

But, if the last version only was mentioning that the user is in possession of pornographic materials with children, the difference this time is that the trojan actually copies pictures on user’s computer. To be even more credible, the trojan has names and birth dates of the children in the pictures (to prove that they are minors).

Same as the other variants known, the malware locks the user’s computer and asks 100€ (135 USD) to be paid via UKash or paysafe. Failing to do this has the consequence that all data on the computer will be destroyed and the user (identified with IP address and user agent string of the browser) will be condemned and punished. The cybercriminals are constantly trying new texts in order to look as convincing as possible.

The malware is distributed via drive by downloads as an executable file with temporary names.

Various media reported that this new version has also a better support for the webcam, so if the computer’s webcam is supported, the user can see himself in the small picture in the screen. Unfortunately, our VLAB could not test this scenario at this time. This social engineering technique creates an acute sense of emergency because it transfers the message that the BKA is “watching” the user.

 

Starting with the engine version 8.2.10.246 all Avira products detect the malicious files of the trojan with a generic detection as TR/Crypt.ULPM.Gen.

We strongly advise the user to never pay the ransom. Use the Rescue CD to clean up the malware from your computer or ask an expert to help you.

Sorin Mustaca

IT Security Expert

via Avira – TechBlog http://techblog.avira.com/2013/05/13/a-new-ransomware-trojan-variant-with-children-pornography/en/


© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close