Topic: Porn virus publishes web history of victims on the net (Winni, Hentai, Kenzero)

[Samker]

A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal.

The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people.

It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime.

Website Yomiuri claims that 5500 people have so far admitted to being infected.

The virus, known as Kenzero, is being monitored by web security firm Trend Micro in Japan.

Masquerading as a game installation screen, it requests the PC owner's personal details.

It then takes screengrabs of the user's web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to "settle your violation of copyright law" and remove the webpage.

Held to ransom

The website that the history is published on is owned by a shell company called Romancing Inc. It is registered to a fictitious individual called Shoen Overns.

"We've seen the name before in association with the Zeus and Koobface trojans. It is an established criminal gang that is continuously involved in this sort of activity," said Rik Ferguson, senior security advisor at Trend Micro.

Kenzero is a twist on ransomware, he added, which infects a computer and encrypts the documents, pictures and music stored on it, before demanding a fee for a decryption key.

"Interestingly we've seen a separate incident that focuses on European victims," he said.

A fictitious organization calling itself the ICPP copyright foundation issues threatening pop-ups and letters after a virus searches the computer hard drive for illegal content - regardless of whether it actually finds anything.

It offers a "pretrial settlement" fine of $400 (£258) payable by credit card, and warns of costly court cases and even jail sentences if the victim ignores the notice.

However rather than take the money, the outfit sells on the credit card details, said Mr Ferguson.

"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," was his advice.

"And if there's online content that you want to get hold of, get it from a reputable website - if that means paying that's what you have to do."

(BBC)