Ransomware Scam Purports to be from Italian Police

Rossano Ferraris of Total Defense warns that one fresh ransomware is attacking website visitors who speak Italian language when they log into the sites hijacked with malevolent JavaScript, so published Help Net Security on February 17, 2012.

Employing the identical technique for admonishing victims, this ransomware too exhibits a legitimate-looking missive having the victim's Internet Protocol address as it alerts of illegal activity identified in connection with child abuse porn.

Moreover, the phony 'authorized flag' notifies that illegitimate spam mails are also being disseminated from the PC with a terrorist aim. Consequently, the missive goes on that it has become necessary to lock the computer so that no further illegitimate content would get distributed.

Thereafter, the bogus missive states that the computer can, however, be unlocked for which the end-user requires submitting 100EUR towards fine in the next 24-hrs.

Meanwhile, when the ransomware is run, it blocks the PC from functioning by exhibiting the above flag as well as preventing the end-user from conducting any operation. Consequently, large number of persons whom the malware affected has become confused and worried so they instantly contacted police of different areas to get clarifications.

And when security investigators probed the malware, they found that it deactivated the Task Manager as well as hijacked Windows' registry.

The ransomware opened malicious registry entries, chief of them being "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" value="vasja." This particular registry makes sure that the malware will run whenever the system boots up. While products of Total Defense Security can block the malware, researchers have identified the malicious software as "Ransom.ZAAC."

Microsoft cautions that despite the victims agreeing towards submitting the demanded money in fine, the problem isn't solved as they receive a worthless unlocking key.

Meanwhile, schemes of this kind that have been aimed at European Internauts aren't unknown. For, even before the last 3-months, similar malicious software having one varied HTML front-end targeted Internet-users in UK, Spain, Switzerland, Holland and Germany.

Thus, security researchers advise consumers that they should locate and eliminate malware like the aforementioned ransomware, which might get loaded onto their PCs; as also execute one whole-system scan using suitable, updated security software.

Related article: Ransomware Trojan Asks for $300 for Giving User Data Back

» SPAMfighter News - 2/25/2012