‘Kovter’ Ransomware making Fake Police Notification Detected

Kafeine, an independent investigator of malicious software has said that one fresh ransomware program known as Kovter, which relies on fake police notifications, has been unleashed that experiments with one wholly new technique towards persuading potential victims that what it communicates is legitimate, published Help Net Security dated April 2, 2013.

The researcher explains that Kovter's prominence emerges from its approach of utilizing historical data it collects from the victimized user's Web-browser and then using it for increasing the credibility of its scam message.

Reportedly, one fake alert is exhibited, when Kovter infects, which is apparently from the Federal Bureau of Investigation, the Department of Homeland Security and the Department of Justice, all of USA that asserts that illegal content was pulled down from the Net and disseminated through the victim's PC. The alert as well records the PC's host name, its Internet Protocol address as well as an online site alleged as the source of the malicious content.

Essentially during its operation, the ransomware finds out whether there is any website from early on within the victim's historical data inside his browser that's also within a porn site list elsewhere which isn't necessarily unlawful. If it finds one such matching porn site the ransomware then exhibits the same inside its alert. Utilizing this method as well as naming one website, actually accessed inside the browser, from which the malware claims illegal material was downloaded, the alert message's genuineness is increased.

But in the case of not finding any match, Kovter simply utilizes one random porn website which it names as the source of the unlawful material.

Kafeine outlines that for the Kovter incident, its authors demand $300 to eradicate the anomaly as well as to restore the PC back to work.

Naturally, it is therefore advisable that Internauts don't pay any cash else disclose any private info, while call a PC expert and get the malware removed. But, in case Internauts themselves manage in restoring their computers they may still use a quality and up-to-date AV product for system scan and get rid of the malicious program possibly lurking behind the scene.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 4/10/2013