Long deployed by Eastern European cybercriminals, phony police Trojans are now hitting U.S. shores and, when successful, tricking victims into forking over their cash out of fear.
The criminal campaign starts when the user receives a rigged email or lands on a compromised Web page containing the Trojan. From there, the "Police Trojan," as researchers at the security firm Trend Micro call it, locks infected computers and displays a banner informing victims they've violated federal law by visiting child pornography websites and must pay to have their systems unlocked.
Below a legitimate-looking logo from the United States Department of Justice, the fraudulent message says, "To unlock the computer you are oblige to pay a fine of $100," adding that victims must pay through Paysafecard or Ukash vouchers. Any payments made go to the criminals behind the scam, who Trend Micro said are possibly located in Russia or Ukraine.
The online criminals behind these law enforcement ransomware scams own "numerous porn domains," Trend Micro said in its "Police Trojan" report, which makes the fraud attempts that much more likely to succeed — in some cases, the victims are already looking at questionable material that could, in fact, land them in real trouble.
"The Trojan suggests that they have been watching objectionable content (which was probably true) and so are being required by the police to pay a fine. The porn site's webmaster gets a cut from the amount the victim pays."
Trend Micro found that the command-and-control servers behind these hijack-and-hostage attacks have in some cases been linked to the Carberp Trojan, which has been the culprit in similar ransomware scams on Facebook.