Ransomware uses browser history to persuade users to pay up
Posted on 02.04.2013
A new ransomware variant dubbed Kovter has been spotted trying out a brand new approach for convincing targeted users of the legitimacy of its claims.

According a malware analyst that goes by the handle Kafeine, the ransomware shows a message with the logos of the US Department of Justice, Homeland Security, and the FBI, and includes information such as the user's IP address, host name, and the URL of a porn website (not necessarily illegal) that the user has recently visited.

It does so by checking the browser's history, comparing the sites it finds there with a remote list, and if it discovers a matching website URL, it displays it in the warning message (click on the screenshot to enlarge it):



If it doesn't find a matching URL, it simply uses a random one.

In this particular case, the criminals are asking for $300 for the problem to go away and for the computer to be unblocked. Needless to say, users are advised not to pay the ransom but to search for a solution to the problem online (via another computer, of course).









Spotlight

Email scammers stole $215M from businesses in 14 months

Posted on 29 January 2015.  |  In 14 months there have been nearly 1200 US and a little over 900 non-US victims of BEC scams, and the total money loss reached nearly $215 million.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Jan 30th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //