New Ransomware Targets Porn Pirates, Makes Copyright Threats

from the hey-that's-a-good-idea dept

Ransomware viruses that hijack a user's computer and demand payment for snake-oil anti-virus software are nothing new, but there's a new twist on it in Japan. A new virus targets people downloading hentai (an explicit form of anime cartoons) from P2P networks, and poses as an installation screen for a game that asks for users' personal info. Once this is entered, it starts taking screengrabs of users' web activity, which it posts online under their name, and asks for payment of 1500 yen (about $16) to "settle your violation of copyright law" and take down the page. There's a similar scam running in Europe, says a security firm, in which a virus scans a computer's hard drive, and regardless of what it finds, demands payment of $400 for a "pretrial settlement" of copyright infringement claims. Essentially these scams are just online versions of what firms like Digiprotect, ACS:Law and Davenport Lyons do through the mail -- send out thousands of letters demanding people pay up for supposedly downloading copyrighted content. That scheme (which manages to ensnare plenty of innocent users) is quite profitable for the firms that run it -- so it shouldn't be too surprising to see malware scammers move in. It's an interesting question, though: really, what's the fundamental difference between what the malware peddlers and these supposedly legitimate companies are doing?

Reader Comments


  • Anonymous Coward, 16 Apr 2010 @ 5:13am

    Anyone who downloads an executable from a source which is by definition unscrupulous and untrustable and then not only installs that executable but enters in all kinds of personal information deserves exactly what they get.

    I am now defining a Japanese corollary to the "Dancing Pigs" problem called the "Dancing Tentacle Monster" problem.

  • Anonymous Coward, 16 Apr 2010 @ 5:44am

    One difference between this and the auto-litigator is that the pre-settlement places send you stuff when they find your IP address on TPB or somesuch and suspect you of infringing. This ransomware is activated by a trojan you have to install, which provides a bit more than mere suspicion. Of course, with this method, there will still be FPs (asshole friends DLing it).

    It is still extortion, but I think it's safe to say that no grandmas or printers will be downloading and installing a trojan that they thought was "Doki Doki no Tentacle Lovu~".

    • Michael, 16 Apr 2010 @ 9:02am

      Re:

      "they find your IP address on TPB or somesuch"

      Not necessarily true. They are under no obligation to tell anyone why they "suspect" your infringement. By some of the letters that have gone out to people that could not have POSSIBLY infringed, they are essentially picking up people's names and accusing them with no evidence.

      Sounds like the same thing to me.

      • Anonymous Coward, 16 Apr 2010 @ 9:14am

        Re: Re:

        Picking up someone's name and accusing them of infringement is the same as using infringement as an excuse to steal their credit card info and sell it on the black market?

        Remember, copyright here is just a smokescreen. It could have easily been "Your computer is infected" or a keylogger.

        The pre-litigation folks are crooks, to be sure, but once you pay up on their racket, then you are paid (for the time being). With the malware folks, even if you pay, your CC information is still going to be stolen.

  • Jon Renaut, 16 Apr 2010 @ 5:51am

    What a good idea

    I think this software is included in the latest versions of Windows Media Player and iTunes, too.

  • slacker525600, 16 Apr 2010 @ 5:58am

    the primary difference I saw was that the malware wasn't collecting on the extortion, it was selling your credit card information to somebody else.

  • jfgilbert, 16 Apr 2010 @ 6:50am

    There is a difference

    "what's the fundamental difference between what the malware peddlers and these supposedly legitimate companies are doing?"
    The malware peddlers are a lot smarter, they get the victims to do all the work, so they are much more efficient.

  • Anonymous Coward, 16 Apr 2010 @ 7:08am

    i guess the masnick is on vacation, or has he left the building?

  • Anonymous Coward, 16 Apr 2010 @ 7:16am

    Maybe we need a colorful rubber-hose style cartoon explaining the difference between extortion and fraud.

    Extortion isn't fraud :-D
    Extortion isn't fraud :-D
    If I tell you to do it or else, :-D
    you don't have to listen :-D
    But if I take your CC info and :-D
    sell it you'll be hurtin' :-D

    • Dark Helmet, 16 Apr 2010 @ 7:22am

      Re:

      There once was a girl named Maude,
      Who wasn't made smart by God,
      She acted like a tard,
      By not thinking too hard,
      And believed that extortion was fraud!

      (I swear, this rhymes if you have a Chicago accent....)

  • drewmerc, 16 Apr 2010 @ 7:16am

    would any pirate honestly write their real details into a pirated app (i never have)

  • Tom Landry, 16 Apr 2010 @ 11:15am

    That has to be significantly effective in Japan since reputation is everything to them.

  • Optimistic Pessimist, 16 Apr 2010 @ 11:26am

    If the malware sits and waits for a certain amount of time or a particular event (running a bit torrent client for example) it would be much harder for the average pirate to equate that malware with a program they've recently downloaded and attempted to install.

    I say "average pirate" because I feel the vast majority are just regular folks, the kind that don't know much about the inner workings of computers and all the different kinds of social engineering malware authors use. You know, the kind that are happy when their computer works correctly but need someone else to fix it when it doesn't. They simply like getting things for free that just work out of the box (so to speak).

    I think only a small percentage of pirates have actually done their homework, keep up to date, and are mistrustful of absolutely everything/everyone. You know, the kind that employ and regularly maintain a myriad of security tools on their PC, knowing what each does and how each works.

    What amazes me is how long it took for malware authors to finally take advantage of this idea. I thought of it on day one, when the very first settlement letters started going out to alleged copyright infringers. I expected something like this to happen a lot sooner, when people were a little less knowledgeable about settlements and thus far more likely to be taken for a ride.

    It will be interesting to watch how this affects the so-called "legitimate" law firms and their settlement schemes, the primary reason I got interested by such an idea in the first place.
