Zscaler experts have spotted around 20 compromised sites over the past weeks

Sep 10, 2013 07:10 GMT  ·  By

Over the past couple of weeks, Zscaler researchers have identified around 20 hijacked websites that have been abused by cybercriminals to distribute fake antiviruses and ransomware.

At first, the hacked sites were set up to serve a classic Fake AV threat. When installed, the bogus antivirus informed victims that their computers were infected with all sorts of malware.

In order to remove the so-called infections, users were instructed to register the product for a certain amount of money.

Later, the Fake AVs were replaced with a piece of ransomware that leveraged the recent news about the NSA’s PRISM surveillance program to make everything appear more legitimate.

The ransomware in question is designed to help the cybercriminals make a lot of money. That’s because it locks the computer screen and asks for the payment of $300 (€226) to have it unlocked.

It’s becoming clear that cybercriminals will exploit any type of law enforcement and surveillance-related news to increase their chances of success. Experts believe that UK users will likely see ransomware that leverages the controversial anti-adult content legislation.

As always, if you come across such threats, don’t pay the so-called fine. Instead, clean your computer with a genuine antivirus solution.

Check out the gallery below to see what these threats look like.

Fake AVs and PRISM ransomware (3 Images)

PRISM-themed ransomware
Fake antivirusFake antivirus
Open gallery