Trend Micro Analyzes and Details a New Computer Threat
Researchers from the security company Trend Micro have studied in detail a new e-threat that compromises affected PCs, disabling the systems in the way various law-enforcement agencies would have, and demands or extorts ransoms from the victims. The company calls these threats Police Trojans.
During the analysis, the researchers traced the cyber-criminals, who attacked PCs belonging to Internet users in different European countries, to countries such as Ukraine and Russia. According to the researchers, these criminals depend on Alliance Bulletproof Hosting, a dubious reseller of bulletproof hosting services facilitating Web utilization in Russia, as well as on different C&C (command-and-control) servers based in the UK, USA, Ukraine and Germany.
There is likely also a special central command-and-control system that coordinates the entire operation.
Additionally, Trend Micro says the cyber-criminals are not inexperienced Web operators but full professionals. According to the security company, they may have been behind many other campaigns that used malicious programs such as the Zeus Trojan, the Carberp Trojan, TDSS rootkits, or fake anti-virus software.
The Trend Micro study further shows that the con artists also held numerous porn domains through which victims' computers were infected. At one time they ran an affiliate ('partnerka') website as well as cattrade.biz, which undertook to spread ransomware, the company discloses.
These affiliate websites were chiefly involved in trading porn. When end-users visited any of the affiliates' porn sites, their computers became infected. The ransomware Trojan on the computers then indicated that their owners had been viewing offensive material and that the police were therefore charging them a fine that must be paid. A portion of the total payment then went to the porn website's owner. As a result, pornographic sites were the likeliest candidates to become affiliates.
In conclusion, Trend Micro states that the security industry is facing a Russian-speaking cyber-criminal gang that owns a vibrant network infrastructure and possibly uses an affiliate network to help disseminate the ransomware and infect the maximum possible number of user systems.
» SPAMfighter News - 16-04-2012