
Cyber-Extortion Scam Issues False Child Porn Accusations

Russian cyber-criminals are coupling false accusations of child pornography with real software damage in a new scam that attempts to extort 500-ruble ($17) payments out of victims, according to an analysis by Bitdefender.

Once infected with Trojan.Agent.ARVP malicious software, spread via innocent-seeming links, the victim receives a note stating that child pornography has been found on the computer and the user must pay a “fine” via a payment service. To back up the demand, the Trojan blocks the computer, effectively holding the system ransom.

The scam marks an extension of the traditional activities of Russian cyber-criminal gangs, many of whom specialize in offering fake anti-virus solutions, or in frauds such as the “Russian bride scam,” which seeks to con European or North American men out of money by posing as beautiful Russian women seeking husbands from abroad. The child-porn scam targets Russian speakers for now but such attacks are often translated into English and other languages to spread further.

This Trojan spreads by tricking computer users into clicking malicious links shared unknowingly by friends on social networking sites and elsewhere. Once the Trojan infects a system, it blocks the computer and displays a message window that takes up as much as 90 percent of the screen, stating that child pornography was found on the user’s system and the fine must be paid.

Fig. 1 The message (in Russian) sent by the Trojan.Agent.ARVP

The ransom note is scaled to take up to 90 percent of the screen, and whatever is behind it is invalidated. Emergency tools such as Task Manager, Windows Explorer and the User Init Logon Application are killed and overwritten with copies of the Trojan, which prevents the operating system from initializing and running properly.
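A triage check for the overwrite behaviour described above, as an added example that is not from Bitdefender's analysis: run from a separate OS against the mounted Windows volume, it hashes the three tools and flags any that share identical content or differ from an optional known-good baseline. The file paths are the usual Windows locations (the article gives none), the `audit` and `demo` names are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Usual locations on a default Windows install (assumption: the article names
# the tools but not their file names). Paths are relative to the mounted volume.
CRITICAL = {
    "Task Manager": "Windows/System32/taskmgr.exe",
    "Windows Explorer": "Windows/explorer.exe",
    "Userinit": "Windows/System32/userinit.exe",
}

def audit(root, baseline=None):
    """Return sorted (tool, finding) pairs for the Windows volume mounted at root."""
    findings, by_digest = [], {}
    for tool, rel in CRITICAL.items():
        path = Path(root) / rel
        if not path.is_file():
            findings.append((tool, "missing"))
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        by_digest.setdefault(digest, []).append(tool)
        # Optional known-good hashes, e.g. from a clean install of the same build.
        if baseline and baseline.get(tool, digest) != digest:
            findings.append((tool, "differs from baseline"))
    # The legitimate tools are three different programs, so two of them sharing
    # one hash means the same file was written over both.
    for tools in by_digest.values():
        if len(tools) > 1:
            findings += [(t, "same content as another system tool") for t in tools]
    return sorted(findings)

def demo():
    """Constructed sample: explorer.exe intact, the other two overwritten alike."""
    with tempfile.TemporaryDirectory() as root:
        contents = {"Task Manager": b"CONSTRUCTED-COPY", "Windows Explorer": b"explorer",
                    "Userinit": b"CONSTRUCTED-COPY"}
        for tool, rel in CRITICAL.items():
            path = Path(root) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(contents[tool])
        baseline = {"Windows Explorer": hashlib.sha256(b"explorer").hexdigest()}
        return audit(root, baseline)

if __name__ == "__main__":
    for tool, finding in demo():
        print(f"{tool}: {finding}")
```

On a volume mounted with a case-sensitive driver, the directory names must match the on-disk case.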

The scammers say the user must pay within 12 hours or the “child-porn” case will be forwarded to the local police and all data stored on the personal computer will be blocked or deleted, the operating system uninstalled and the BIOS erased.

In reality, the data will still be there and the BIOS will not be affected after the 12-hour deadline passes. But the PC will remain locked. Paying the ransom will not unlock it. In-depth analysis of the malware revealed that there is no way to unlock the PC, so the promise of a code is false.

Messages such as this should immediately raise suspicions. It’s extremely rare that a law enforcement agency would contact a suspect via the web to collect fines for an alleged infringement. To remain safe from such scams, users are advised to scrutinize links they come across and, as much as possible, avoid clicking on URLs they have not specifically searched for.

This article is based on the technical information provided courtesy of Doina Cosovan, BitDefender Virus Analyst.


About The Author

E-Threat Analyst

A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.


© 2012 Powered By Bitdefender
