Ransomware uses browser history to persuade users to pay up
Posted on 02.04.2013
A new ransomware variant dubbed Kovter has been spotted trying out a brand new approach for convincing targeted users of the legitimacy of its claims.

According a malware analyst that goes by the handle Kafeine, the ransomware shows a message with the logos of the US Department of Justice, Homeland Security, and the FBI, and includes information such as the user's IP address, host name, and the URL of a porn website (not necessarily illegal) that the user has recently visited.

It does so by checking the browser's history, comparing the sites it finds there with a remote list, and if it discovers a matching website URL, it displays it in the warning message (click on the screenshot to enlarge it):



If it doesn't find a matching URL, it simply uses a random one.

In this particular case, the criminals are asking for $300 for the problem to go away and for the computer to be unblocked. Needless to say, users are advised not to pay the ransom but to search for a solution to the problem online (via another computer, of course).









Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //