Feeds

'NSA PRISM spies' shake down victims with bogus child-abuse vids claims

Punters falsely accused of being scumbags told to pay $300 to unlock PCs

Secure remote control for conventional and virtual desktops

Crooks are using the NSA's notorious global web surveillance scandal in new ransomware: punters visiting booby-trapped websites are falsely accused of downloading illegal material, told their PCs are now locked from use, and ordered to hand over a cash "fine" to unlock their computers.

Cloud security firm Zscaler has spotted 20 hijacked domains hosting malicious web pages that attempt to trick naive web surfers into installing virus-killing scareware (because it's claimed their computer is supposedly riddled with malware) or handing over money to unlock PCs that have supposedly been used to download images of child abuse.

Marks are either confronted with a warning that malware has supposedly been detected on their computer, or a bogus NSA PRISM-themed alert. In both cases, the goal is to scare the target into paying the attacker to "fix" their computer.

The campaign started off by pushing fake antivirus software (aka scareware) on the pretext that viruses had supposedly been detected on a mark's computer and money had to be paid out to have the nasties removed.

Now it's pushing a ransomware scam, which claims that child porn has been detected on a PC. The user is told he or she can "avoid prosecution" by handing over $300. In the meantime the ransomware says it locks victims out of their machines.

These shenanigans have been common on the web for years, and it's only the PRISM angle that adds a new spin. Scammers are obviously hoping that their marks pay up to resolve the problem without giving this any further thought. The proposed opt-in system to allow adults to look at legit porn sites in the UK laws may inadvertently help the preposterous con appear a tad more plausible, according to Zscaler.

Accused ... how the ransomware appears in the web browser (click to enlarge)

"The attacker uses the recent news about PRISM to claim that the victim's computer has been blocked because it accessed illegal pornographic content," a blog post by Zscaler ThreatLabZ researcher Julien Sobrier explains.

"The victim has to pay $300 through MoneyPak, a prepaid card service."

"The ThreatLabZ team expect attackers to take advantages of the upcoming UK laws on accessing adult content online to send new types of fake warnings to UK victims." ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.