February 21, 2013
Malware “Police Virus” Accuses Users Of Illegal Activity, Demands Compensation
Peter Suciu for redOrbit.com — Your Universe Online
On Thursday PandaLabs, the anti-malware laboratory of Panda Security, announced that it had released new data showing that cases of the so-called “Police Virus” are on the rise. However, this type of crime, known as ransomware or scareware, is not new. It holds a user's computer hostage and demands payment — but does so by scaring users with the claim that it comes from legitimate law enforcement.
Text that accompanies the warning — which can be launched when a user visits an infected site — suggests that illegal images may have been viewed or that pirated content was found on the computer.
Last week local law enforcement, working alongside Europol's European Cybercrime Centre (EC3), announced the takedown of a gang of cyber criminals, which allegedly ran such a so-called ransomware scheme that demanded money from online users in more than 30 countries. The cyber criminals masqueraded as police agencies after paralyzing users' computers with a virus, telling the owners that illegal online activity had been detected and that the users must pay a fine to have their computer unlocked.
So brazen were the thieves that they even reportedly used Europol director Rob Wainwright's name in their online scams!
Spanish police said that since the virus was first discovered in May of 2011 they had received 1,200 complaints, but the number of those infected is believed to be far greater.
Security firm Trend Micro helped the European authorities in the case last week, the BBC reported. And while the case saw the arrest of eleven people, including the leader, a 27-year-old Russian, who was caught back in December while on holiday in Dubai, it is likely that the crimes will continue.
“This ransomware was netting profits in excess of $1.3 million per year,” said Luis Corrons, technical director of PandaLabs. “However, the number of infections keeps growing, which leads us to think that we are facing an unspecified number of groups launching the same kind of attacks.”
The malware works by infecting computers via “exploit kits,” which are applications that can be launched merely by clicking on a link to the wrong website. A visit to a compromised website can launch the software as the criminals take advantage of security flaws in programs such as Adobe Acrobat or Java.
There are numerous variants of the Police Virus, but PandaLabs has detected all of them as being based on Trj/Ransom.AB. The security firm has carried out research on two malware families used in the attacks and found that the number of infections has doubled since December (from 2,500 to more than 5,000), following the arrest of the aforementioned criminal groups' leader.
Moreover, the scam has appeared to morph a bit. The most recent evolution of the malware reported by PandaLabs involves images taken with the users' webcams, which surely make the name “scareware” seem all the more apt.
While the best thing to do is to avoid clicking on suspicious links and to keep anti-virus software up to date, PandaLabs is also offering users some other tips, including disabling Java in the Web browser if it isn't needed.
PandaLabs is also not alone in warning of Java dangers. In January Mozilla — maker of the Firefox browser — announced that it would disable Java, Adobe Reader and Microsoft Silverlight capabilities as a means to not only improve performance but also to close security holes.
Panda Security has also launched a new version of its free anti-virus software Panda Cloud Antivirus, which can neutralize malware that reportedly takes advantage of those vulnerabilities exploited by scareware and ransomware.