An easy way to get otherwise-sensible people to act without thinking is to make them panic. Introduce a volatile mixture of sex, money and government interference, and falling for a hack suddenly becomes much more understandable.
The savvy makers of ransomware — malware that badgers users into paying for its removal — have discovered how to use phony government warnings and a list of porn sites cross-referenced against users' Web history to trick unwary users into paying up.
Ransomware is a particularly nasty form of malware. After acquiring it ― usually from an infected website ― victims are unable to browse the Internet.
A message ― sent by the malware makers, who often pose as law-enforcement agencies ― informs the victims that they have been infected by malware and must pay a fine for its removal.
In the latest variation, users receive a phony message from the U.S. Departments of Justice and Homeland Security, and the FBI. The message accuses the user of downloading "suspicious or illegal content," and holds the computer ransom ― hence, the name "ransomware" ― for a "fine" of $300.
This piece of ransomware can track a user's Web history and pick out a site to list as the "source" of the illegal material in question. The program cross-references a browser history with a list of popular porn sites, and presents a match.
If no match is available, the malware will select a site name at random, although this method is not as convincing as picking a site the user would recognize.
Although the sophisticated trick will likely fool a few users, there are multiple problems with its approach.
First and foremost, downloading and possessing digital pornography is explicitly legal in most states (and unenforceable in states where porn's legality is more ambiguous).
Even then, the Department of Homeland Security and the FBI have no role in investigating pornography, and the Department of Justice generally only involves itself in child pornography cases.
Wise users will also realize that pornography cases generally involve litigation, and there is no predetermined fine for its possession. The government is also not likely to hijack Internet browsers to get in touch, forgo an official letter, or use the scam-friendly MoneyPak services to collect fine money.
If you've been browsing pornography, you're legally in the clear. However, porn sites are notorious for distributing harmful software packages, including ransomware.
If your computer contracts the ransomware, run a malware sweep, or download a fix on another system and transfer it via a USB stick. Just remember to format the thumb drive thoroughly afterward.
Follow Marshall Honorof.