Scareware locks down computer due to child porn and terrorism

From Botnets.fr
Revision as of 15:23, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)


Botnet: Goldenbaks
Malware: Lockscreen
C&C protocol: HTTP
Date: March 2, 2012
Editor/Conference: abuse.ch
Link: http://www.abuse.ch/?p=3610 (abuse.ch; archive copy)

Abstract

Recently, my sandbox came across a scareware that locks down the victim’s computer due to “terrorism and child pornography”. The malware is being detected by some AV vendors as “Win32/LockScreen”.

The schema is pretty simple: The criminals try to infect computers with scareware (e.g. through Drive-By exploits). As soon as the computer is infected, the malware locks down the machine so that the user won’t be able to log in any more. The malware then displays a message to the user that the law enforcement agency XY found child pornography on the victim’s computer and that his computer was used to send out “spam mails with terrorist motives”:

Bibtex

 @misc{2012BFR911,
   editor = {abuse.ch},
   author = {},
   title = {Scareware locks down computer due to child porn and terrorism},
   date = {02},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://www.abuse.ch/?p=3610}},
 }