Scareware locks down computer due to child porn and terrorism
(Publication)
Scareware locks down computer due to child porn and terrorism | |
---|---|
Botnet | Goldenbaks |
Malware | Lockscreen |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | http |
Date | 2012 / March 2, 2012 |
Editor/Conference | abuse.ch |
Link | http://www.abuse.ch/?p=3610 abuse.ch (abuse.ch Archive copy) |
Author | |
Type |
Abstract
“Recently, my sandbox came across a scareware that locks down the victim’s computer due to “terrorism and child pornography”. The malware is being detected by some AV vendors as “Win32/LockScreen”.
The schema is pretty simple: The criminals try to infect computers with scareware (e.g. through Drive-By exploits). As soon as the computer is infected, the malware locks down the machine so that the user won’t be able to log in any more. The malware then displays a message to the user that the law enforcement agency XY found child pornography on the victim’s computer and that his computer was used to send out “spam mails with terrorist motives”:
Bibtex
@misc{2012BFR911,
  editor = {abuse.ch},
  author = {},
  title = {Scareware locks down computer due to child porn and terrorism},
  date = {02},
  month = Mar,
  year = {2012},
  howpublished = {\url{http://www.abuse.ch/?p=3610}},
}