Mar 24, 2011 17:54 GMT

Security researchers from Kaspersky Lab warn that a recent spam run using the Japanese earthquake as a lure has been modified to spread ransomware.

This is the same campaign that was using fake news articles a few days ago to direct recipients to Java-based malware.

According to Kaspersky Lab's Nicolas Brulez, the lure has remained the same, but the payload has changed.

"Instead, the payload is now Ransomware (detected as Trojan-Ransom.Win32.PornoBlocker.jtg), disguising itself as a fake warning message from the German Federal Police," the researcher says.

Once installed, this malicious application prevents users from using their system and displays a fake message on the desktop claiming that illegal content such as child pornography was detected on the computer.

The warning purports to come from the German Federal Police and asks the user to pay a 100 euro fine within 24 hours if they don't want their hard drive erased.

The payment is requested via Ukash, which relies on prepaid cards with unique codes. Cyber criminals prefer this method of payment because it cannot be tracked or reversed.

In order to increase the credibility of their message, the warning page displays the logos of McAfee, Symantec, Kaspersky Lab and Microsoft in addition to that of the German police.

Upon installation, this piece of ransomware adds itself to the start-up sequence, suspends explorer.exe and blocks taskmgr.exe (Task Manager) from running.

Ransomware is a class of applications that prevent users from using their computers or accessing their private documents unless they pay money.

These programs are considered the next step in the evolution of scareware and are increasingly widespread. There have been cases of variants that are impossible to safely remove because they encrypt all documents with uncrackable algorithms.