Complex malware uses copyright threats to blackmail victims


Malware threatens to publish users' internet history.

A new trojan which threatens to post the internet history of infected users is spreading from Japan, according to Trend Micro.


The Kenzero Trojan masquerades as a download for an adult Hentai computer game, primarily shared on the popular Japanese Winny P2P network. Once downloaded, the malware opens a registration screen for the game that demands personal information, while scanning the computer for its user account, domain and computer name, OS version, clipboard content, file use history, and Internet Explorer favourites.

The malware then publishes all the data on a public web site and sends the victim an email from shell company Romancing, Inc. (which owns the domain publishing the personal data) accusing them of copyright theft and threatening a court case if damages are not forthcoming.

“I would go so far as to say that the Japanese attack linking name & shame, pornography and threats of legal action is the first of its kind,” said Rik Ferguson, senior security advisor at Trend Micro.

So far 5,500 people have admitted to being caught out in the scam, according to local paper Yomiuri Shimbun, with an unknown number paying out the US$10 copyright infringement fee the malware demanded for the removal of the personal data.

Interestingly, the trojan also downloads three MP3 tracks onto the host computer, which are listed on a separate web site as being worth over US$500,000. It is possible that, if the initial fee was paid, the victims would have more demands made on them.

Such unusually complex attacks are rare in malware but are becoming increasingly common. Last week, a similar attack was spotted in Europe by researcher Dancho Danchev. There, a fictitious ICPP Foundation made demands of US$400 for copyright infringement.

“The [European] malware was only similar in modus operandi, not at a code level, so the probability of this being born of a commercial malware kit is very low, but you know, given how cybercrime inexorably moves ever closer to a niche based service economy if we were to see a builder of this nature surface it wouldn't surprise me!” Ferguson concluded.

Copyright ©v3.co.uk