Ransomware uses browser history to persuade users to pay up
Posted on 02.04.2013
A new ransomware variant dubbed Kovter has been spotted trying out a brand new approach for convincing targeted users of the legitimacy of its claims.

According a malware analyst that goes by the handle Kafeine, the ransomware shows a message with the logos of the US Department of Justice, Homeland Security, and the FBI, and includes information such as the user's IP address, host name, and the URL of a porn website (not necessarily illegal) that the user has recently visited.

It does so by checking the browser's history, comparing the sites it finds there with a remote list, and if it discovers a matching website URL, it displays it in the warning message (click on the screenshot to enlarge it):



If it doesn't find a matching URL, it simply uses a random one.

In this particular case, the criminals are asking for $300 for the problem to go away and for the computer to be unblocked. Needless to say, users are advised not to pay the ransom but to search for a solution to the problem online (via another computer, of course).









Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //