Online crooks are spreading a nasty Trojan that spoofs the long arm of the law to trick victims into believing child pornography has been found on their computers.
When a victim receives a corrupt email containing the Trojan, or lands on a compromised Web page set up by the perpetrators, the malware exploits a vulnerability on the victim's system, burrows its way into the computer and immediately goes to work, locking the machine and encrypting or deleting data stored on the hard drive, according to Microsoft researchers.
A banner then pops up — in the language of the victims — informing them that child pornography has been found on their computer, and that in order to clean up their system and unlock it, they need to wire money to the "supposed authorities," as Microsoft called the scammers.
While ransomware plots like this — malware that hijacks a computer, encrypts the files and demands a ransom to fix the problem — are nothing new, Microsoft researchers who detected this new Trojan say it's particularly dangerous because not only does it use the threat of child pornography to scare victims, but it is also designed to look as if it's backed by a federal police agency.
The Trojan that impersonates the Swiss Federal Department of Justice and Police is identified as Trojan:Win32/Ransom.FS, and presents a message that reads: "Attention! Illegal activity was detected. The operating system was locked for infringement against the laws of Switzerland … From this IP address, sites containing pornography, child pornography, bestiality and violence against children were browsed. Your computer also has video files with pornographic content, elements of violence and child pornography. Emails with terrorist background were also spammed. This serves to lock the computer to stop your illegal activities."
Microsoft also spotted emails that spoof the German Federal Police, the United Kingdom's Metropolitan Police, and the Spanish, Dutch and French police.
This sophisticated, serious scam is almost identical to one that appeared in early September, in which Russian cybercriminals deployed a Trojan that threatened to turn victims in to the police unless they paid about $17 to rid their computers of nonexistent child pornography.
Researchers at Bitdefender pointed out a similar scam that offers a "free trial" of a $69 recovery tool that will supposedly unlock all the encrypted, hijacked files. The free tool actually decrypts three files, making it look like a viable solution and getting the scammers one step closer to victims' wallets.