Ransomware uses browser history to persuade users to pay up
Posted on 02.04.2013
A new ransomware variant dubbed Kovter has been spotted trying out a brand new approach for convincing targeted users of the legitimacy of its claims.

According to a malware analyst who goes by the handle Kafeine, the ransomware shows a message with the logos of the US Department of Justice, Homeland Security, and the FBI, and includes information such as the user's IP address, host name, and the URL of a porn website (not necessarily illegal) that the user has recently visited.

It does so by checking the browser's history and comparing the sites it finds there with a remote list. If it discovers a matching website URL, it displays it in the warning message.



If it doesn't find a matching URL, it simply uses a random one.

In this particular case, the criminals are asking for $300 for the problem to go away and for the computer to be unblocked. Needless to say, users are advised not to pay the ransom but to search for a solution to the problem online (via another computer, of course).








