Malware uses copyright threats to blackmail victims

New malware uses copyright threats to extort money

Security experts at Trend Micro have identified a new Trojan spreading from Japan which threatens to post the internet history of infected users.

The Kenzero Trojan masquerades as a download for an adult Hentai computer game, primarily shared on the popular Japanese Winny peer-to-peer network.

Once downloaded, the malware opens a registration screen for the game demanding personal information while scanning the computer's user account, domain and computer name, operating system version, clipboard content, file use history and Internet Explorer favourites.

The malware then publishes all the data on a public web site and sends the victim an email from a shell company called Romancing Inc, which owns the domain publishing the personal data.

The email accuses the user of copyright theft, and threatens a court case if damages are not forthcoming.

"I would go so far as to say that the Japanese attack linking 'name and shame', pornography and threats of legal action is the first of its kind," Rik Ferguson, senior security advisor at Trend Micro, told V3.co.uk.

So far 5,500 people have admitted to being caught out in the scam, according to local paper Yomiuri Shimbun, and an unknown number have paid out the $10 (£6.50) 'copyright infringement fee' for the removal of the personal data. It is believed that paying the ransom prompts further demands for money.

Interestingly, the Trojan also downloads three MP3 tracks onto the host computer, which are listed on a separate web site as being worth over $500,000 (£327,000).

Such complex attacks are rare in malware circles, but are likely to become increasingly common. A similar attack was spotted by researcher Dancho Danchev in Europe earlier this week, in which a fictitious 'ICPP Foundation' made demands of $400 (£260) for copyright infringement.

"The [European] malware was only similar in modus operandi, not at a code level, so the probability of this being borne of a commercial malware kit is very low," said Ferguson.

"But, given how cyber crime inexorably moves closer to a niche-based service economy, a [malware] builder of this nature would not surprise me."