Thousands of PC users who may have visited porn sites or downloaded illegal games and movies risk being exposed by a new type of malware that publishes a user’s net history on a public site. Shortly afterwards, the user gets an email demanding a fee be paid for its removal.
The malware operation, known as Kenzero and being monitored by Trend Micro, installs itself on computers using a popular file-share service called Winni, which is used by up to 200 million people, including many in Australia, to download content.
The BBC claims that the virus is masquerading as a game installation screen; it requests the PC owner’s personal details.
It then takes screen grabs of the user’s web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of $25 to “settle your violation of copyright law” and remove the webpage.
The website that the history is published on is owned by a shell company called Romancing Inc. It is registered to a fictitious individual called Shoen Overns.
“We’ve seen the name before in association with the Zeus and Koobface Trojans. It is an established criminal gang that is continuously involved in this sort of activity,” said Rik Ferguson, senior security advisor at Trend Micro.