Child pornography trojan becomes more aggressive
Anti-Botnet Advisory Centre, a German anti-botnet advisory service, reports that a new variant of the BKA trojan attempts to blackmail the owners of infected computers with four pornographic pictures of children. The trojan claims that the owner has been found to be involved in illegal activity such as the "reproduction of pornographic material involving minors" and locks down the computer.
The computer actually does contain child pornography at that point – the trojan downloaded the pictures itself. To suggest an ongoing investigation, the malware displays the alleged names and dates of birth of the children in the four pictures. Users of infected systems will also see themselves, if the trojan detects a webcam. To avoid prosecution, victims are told to pay €100 (approximately £85) to the blackmailers via Ukash or paysafecard. Victims should, of course, do no such thing as the money will go straight into the criminals' pockets. Instead, infected systems should be checked with a virus scanner.
The German anti-botnet advice centre recommends HitmanPro, an on-demand scanner that apparently also deletes the photos that the trojan has deposited on the system. In a quick test by The H's associates at heise Security, however, it turned out that this software may unnecessarily create worry with inexperienced users by reporting on a multitude of tracking cookies. If a system can't be disinfected with HitmanPro or another anti-virus program, a system restore will remove the malware from the computer.
- BKA malware shocks victims with child pornography, a report from The H.