Ransomware uses browser history to persuade users to pay up
Posted on 02.04.2013
A new ransomware variant dubbed Kovter has been spotted trying out a brand new approach for convincing targeted users of the legitimacy of its claims.

According a malware analyst that goes by the handle Kafeine, the ransomware shows a message with the logos of the US Department of Justice, Homeland Security, and the FBI, and includes information such as the user's IP address, host name, and the URL of a porn website (not necessarily illegal) that the user has recently visited.

It does so by checking the browser's history, comparing the sites it finds there with a remote list, and if it discovers a matching website URL, it displays it in the warning message (click on the screenshot to enlarge it):



If it doesn't find a matching URL, it simply uses a random one.

In this particular case, the criminals are asking for $300 for the problem to go away and for the computer to be unblocked. Needless to say, users are advised not to pay the ransom but to search for a solution to the problem online (via another computer, of course).









Spotlight

51% of consumers share passwords

Posted on 20 August 2014.  |  The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //