
Users in Hong Kong Targeted by One-Click Fraudsters

Softpedia.com reported on 8th May, 2015, quoting a warning from experts, that "cybercriminals running one-click frauds began to expand their business to Hong Kong by organizing thousands of attacks against users in this area during the past month."

This type of scam, which is similar to ransomware, has been attacking users for more than 10 years, but within a somewhat limited geographical area: users in Japan have mostly been the main target.

However, security vendor Symantec has found that the cybercriminals are now also aiming at the Chinese market and have modified their scam with messages written in the Traditional Chinese characters used in Hong Kong.

Softpedia.com published news on 8th May, 2015 quoting Himanshu Anand, Security Researcher with Symantec, as saying "It seems that one-click fraudsters have decided to become multilingual in trying to expand their limits and explore new market opportunities."

Anand says that more than 8,000 attacks were stopped during the last month, which could have cheated users out of more than $5 million in Hong Kong dollars or 4.46 million Euros.

Interestingly, this attack campaign involves first tricking the user into downloading and running an apparently safe HTML Application (HTA) file.

Users may experience this attack when they visit adult websites which show a seemingly genuine video player or a window with an age verification checker.

Whenever users click on the fake video player, an HTA file is downloaded onto the computer, and the file then displays a dialog box asking the user for permission to run.

Once the user gives permission to run the HTA file, the video starts to play and, in the meantime, the malicious script inside the HTA file is executed in the background. The file creates a registry entry which displays a non-terminating pop-up window on the user's desktop, asking the user to pay for logging in to an adult website. The user is told that the pop-up window will be removed if they pay. The window also features a timer which apparently counts down to the expiry of the offer.

The behavior is quite similar to ransomware because the user's desktop is effectively held for ransom: even if the user restarts the computer, the pop-up window will still be displayed.

Symantec advises users to avoid downloading and running HTA files from unidentified sources.
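A defender's check for the persistence described above, as an added example that is not from Symantec or the original report: it lists autostart registry values whose command launches an HTA. The article does not name the registry entry the HTA creates, so the standard Run and RunOnce keys used here are an assumption, as are the function names and the sample commands.

```powershell
# Added example: list autostart registry values that launch an HTA.
# Assumption: the article does not name the registry entry; the standard
# Run/RunOnce autostart keys are checked here as the usual candidates.
$autostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Matches commands that invoke the HTA host (mshta.exe) or reference a .hta file.
$htaPattern = '(?i)\bmshta(\.exe)?\b|\.hta\b'

function Test-HtaCommand {
    param([string]$Command)
    return $Command -match $htaPattern
}

function Get-HtaAutostart {
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw value without expanding %VARIABLES%.
            $value = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if (Test-HtaCommand $value) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
            }
        }
    }
}

# Self-check on constructed sample commands (not taken from the campaign).
$samples = [ordered]@{
    'mshta.exe "C:\Users\Public\player.hta"'        = $true
    '"C:\Program Files\Vendor\updater.exe" /silent' = $false
}
foreach ($s in $samples.GetEnumerator()) {
    if ((Test-HtaCommand $s.Key) -ne $s.Value) { throw "Pattern self-check failed: $($s.Key)" }
}

Get-HtaAutostart | Format-List
```

An empty result only means that no HTA is launched from these particular keys; any entry that is returned still needs to be reviewed before it is removed, since legitimate software can also use mshta.exe.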

» SPAMfighter News - 5/20/2015
