Page last updated at 14:00 GMT, Thursday, 15 April 2010 15:00 UK

Porn virus publishes web history of victims on the net

web virus victim
One of Kenzero's victims is reported to be a school headmaster in Japan.

A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal.

The Japanese trojan virus installs itself on computers using a popular file-share service called Winny, used by up to 200m people.

It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime.

Website Yomiuri claims that 5500 people have so far admitted to being infected.

The virus, known as Kenzero, is being monitored by web security firm Trend Micro in Japan.

Masquerading as a game installation screen, it requests the PC owner's personal details.

It then takes screengrabs of the user's web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to "settle your violation of copyright law" and remove the webpage.

Held to ransom

The website that the history is published on is owned by a shell company called Romancing Inc. It is registered to a fictitious individual called Shoen Overns.

"We've seen the name before in association with the Zeus and Koobface trojans. It is an established criminal gang that is continuously involved in this sort of activity," said Rik Ferguson, senior security advisor at Trend Micro.

Kenzero is a twist on ransomware, he added, which infects a computer and encrypts the documents, pictures and music stored on it, before demanding a fee for a decryption key.

"Interestingly we've seen a separate incident that focuses on European victims," he said.

A fictitious organization calling itself the ICPP copyright foundation issues threatening pop-ups and letters after a virus searches the computer hard drive for illegal content - regardless of whether it actually finds anything.

It offers a "pretrial settlement" fine of $400 (£258) payable by credit card, and warns of costly court cases and even jail sentences if the victim ignores the notice.

However rather than take the money, the outfit sells on the credit card details, said Mr Ferguson.

"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," was his advice.

"And if there's online content that you want to get hold of, get it from a reputable website - if that means paying that's what you have to do."



Print Sponsor


SEE ALSO
Spammers survive botnet shutdowns
18 Mar 10 |  Technology
Porn viruses revived on mobiles
15 Jan 10 |  Technology
Video gamers face malware deluge
02 Nov 09 |  Technology
Worm attack chaos fails to strike
01 Apr 09 |  Technology
The man who wrote the first virus
19 Nov 09 |  Technology
Two held in global PC fraud probe
18 Nov 09 |  Manchester

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites


FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific