Computers of Japanese users infected with the same Trojan

Feb 25, 2012 07:18 GMT

Ransomware that impersonates law enforcement agencies is not new, but recently cybercriminals started serving these malicious elements using compromised sites. One of these sites is Laudree.fr, which belongs to a famous French company that provides luxury cakes and pastries.

Trend Micro researchers identified the ransomware as Troj_Ransom.bov, which displays a notification on the infected computer’s screen, demanding payment from the owner of the device in the name of the Gendarmerie Nationale, the name of the French Police Force.

The image displayed by the Trojan claims that the computer’s owner is breaking French law, which is given as the reason the device was blocked.

Experts reveal that not only French users are targeted by this scheme. Since the site is also translated into Japanese, Internet users from Japan also found their machines to be infected with this piece of ransomware.

According to Trend Micro, similar but more dangerous attacks were spotted targeting German users. The scheme that impersonates the Bundes Polizei, Germany’s Police Force, relies on the Blackhole Exploit kit to drop a piece of malware onto the infected system.

This malware is designed to steal credentials for email accounts, browser applications, social networks, poker sites, FTP servers and remote desktop software.

Further analysis showed that the cybercriminals may be from Moscow, Russia, or a nearby location.

Russian domains are also behind similar ransomware plots that target Internet users from Spain, Italy, the UK and Belgium. In most cases the crooks demand payment in Ukash or Bitcoins to ensure that the money trail is lost after the transaction is performed.

Users are advised never to pay fines when threatened by a message that appears on the computer’s display. Instead, a reliable and up-to-date antivirus solution can clean up these types of infections without much difficulty.