Ransomware leverages victims' browser histories for increased credibility

Visited websites are listed as source of illegal material in order to make the bogus police messages more believable, a researcher says

The authors of police-themed ransomware have started using the browsing histories from infected computers in order to make their scams more believable, according to an independent malware researcher.

Ransomware is a class of malicious applications designed to extort money from users by disabling important system functionality or by encrypting their personal files. A particular variation of this type of threat displays messages masquerading as notifications from law enforcement agencies.

The language of the messages and the agency names used in them change depending on the location of the victims, but in almost all cases the victims are told that their computers have been locked because they accessed or downloaded illegal content. In order to regain access to their computers, users are asked to pay a fine.

A new ransomware variant that employs this trick was spotted over the weekend by an independent malware analyst known online as Kafeine. Dubbed Kovter, this version stands out because it uses information gathered from the victim's browser history in order to make the scam message more credible, Kafeine said Friday in a blog post.

Kovter displays a fake warning allegedly from the U.S. Department of Justice, the U.S. Department of Homeland Security and the FBI, that claims the victim's computer was used to download and distribute illegal content. The message also lists the computer's IP address, its host name and a website from which the illegal material was allegedly downloaded.

The malware checks if any of the sites already present in the computer's browser history is present in a remote list of porn sites whose content is not necessarily illegal, and if there's a match, it displays it in the message. By using this technique and naming a site that the victim has actually visited as the source for the alleged illegal content, the ransomware authors attempt to increase the credibility of their message.

If no match is found when checking the browser history against the remote list, the malware will just use a random porn site in the message, Kafeine said.

The authors of police-themed ransomware are constantly trying to improve their success rate and this is just the latest in a long series of tricks they have added. Some variants are actually using the computer's webcam, if one is present, to take a picture of the user and include it in the message in order to give the impression that the authorities are recording the user. Another variant gives victims a deadline of 48 hours to pay the made-up fine before their computer drive is reformatted and their data is destroyed.

The average number of daily infection attempts with police-themed ransomware has doubled during the first months of 2013, according to Sergey Golovanov, a malware expert in the global research and analysis team at antivirus vendor Kaspersky Lab. The distribution of this threat was at an all-time high during February and March, he said Monday via email.

According to Golovanov, the most important thing for ransomware victims is not to pay the cybercriminals any money. "What you need to do is go to another computer and start searching for a solution, which you will always be able to find on the Internet," he said. "All antivirus companies post free instructions and utilities to help users unblock their computers."

"In the worst-case scenario, if you are faced with a unique blocker, you can always address the specialized forums of antivirus companies or contact tech support for expert advice and solutions," he said. "Of course, this could take some time, but the key thing is not to pay up and fund this extortion."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitymalwarescamskaspersky labDesktop security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?