Been around a couple of months at least
El Reg has even reported on it
http://www.theregister.co.uk/2013/02/01/ransomware_trojan/
Security technicians at Sophos are poring over a new piece of ransomware that uses images of purported child sexual abuse to extort money from internet users, a discovery that has prompted an alert from the Internet Watch Foundation (IWF). The malware activates when a user is online, and opens a browser-locking screen that …
Actually, the real danger is from the UK's hysterical attitude to child protection. Simply by viewing the images, you are immediately made into a criminal worthy of registration on the sex offenders register. I doubt whether you wanted to view them or not makes much of a difference, given previous idiocy.
"Simply by viewing the images, you are immediately made into a criminal worthy of registration on the sex offenders register."
Not the case. The acts involved in this do specify that intent is a necessary component for it to be a criminal act. If a virus flashes up indecent pictures on your screen without your input, that is not a criminal offence. In fact that's the very core of the so-called 'Trojan defence'. I know of one case where that defence was proved to be valid (and many others where it was complete bull).
Now if you meant the Daily Wail's hysterical attitude to child protection, I'll go along with that.
However, the Police's attitude and 'sensitivity' has often been lacking.
I get asked sometimes by customers what I would do if I found a customer's PC had such images on it.
My honest answer would be "nothing", initially. If I reported it into the cops, I can imagine the next thing that's happening is a couple of vans turning up outside my home and ALL the PCs and laptops (got to be sure) being taken out in clear plastic evidence bags for the neighbours to see and rush to conclusions over.
That kind of sh*t sticks!
So now I'm a suspected kiddy fiddler and I have no equipment to run my business on. Nor does my other half as they took all hers too. Result.
No, I'd hand the PC back to the customer, tell them never to call me and then an anonymous tip-off might be reported in via a pay phone.
All the PCs, laptops, external hard drives, CD/DVD-R, and your mobile phone. It isn't practical to go through everything in forensic detail at the scene of the crime, so standard police procedure is to confiscate anything and everything that could be used to store data and hold it until the specialists have done their thing.
I'm with you on this. If I ever come across child porn, I'm going to ignore it. I don't want to get pulled into an investigation for something like that.
"The acts involved in this do specify that intent is a necessary component for it to be a criminal act."
Whilst that is technically true, the fact is that the Police and CPS in cases like this act on the principle of "Presumed guilty unless you can prove your innocence".
Meanwhile all your computer gear, DVDs, CDs, videos, mobile phones, memory sticks and anything else have been confiscated for analysis (which means you'll not see them again for at least six months to a year and they'll often be buggered by the time you do get them back), some "concerned copper" will probably have leaked the story to the press and told your neighbours that you're a suspected kiddy fiddler, and you'll end up with a huge legal bill...
That's all the screen shot example shows.
Even if this were a redo of the FBI scareware, SRP and non-admin accounts would go a long way to prevent it and anything like it.
(I have room for lots of downvotes. :-p)
'.. SRP and non-admin accounts'
Ah, non-admin accounts.
Having a relative's machine with, from the description, a UK version of this beastie to disinfect sometime this morning (looks out window, sees it's rather a nice day, so maybe I'll postpone this till late Sunday), here's a story regarding the potential ineffectiveness of non-admin accounts. I set up this machine the last time it got infested several months ago with the standard user account being non-admin, and another account called 'install' with admin rights for the express purpose of installing/updating software only.
Fast forward to the conversation a couple of days ago when the relative first mentioned the current problem, where eventually I got out of them the fact that basically they'd been using the 'install' account rather than the standard user account to run everything... something to do with they hated having to remember and type in the password 'every time something said it required an account with administrator permissions'. I asked WTF were they running which kept saying that? Response was the somewhat vague 'stuff off the internet', aaargh!
So, non-admin accounts, nice idea in theory, so long as either
a. people can be relied on to act sensibly with the admin account you need to create for them to do software installs etc.
b. you want to take control of administering their machine on a daily basis. (I should add at this point that the relatives whose machine I'm talking about here live 25 miles from me.)
Ah well, 'tis the curse of being family IT support, I suppose. It's not as if I've better things to do on a sunny weekend (he says, as he switches off phone, grabs camera gear and runs..)
The weakest link is usually the user.
I gave up on supporting Windows for family friends for exactly the same reason.
Now they get Linux and it's fine. The odd complaint about not being able to do something, play some game, etc, but until those malware ba*tards decide Linux is lucrative enough to target I have but a fraction of the call outs to deal with screwups.
There is a legal exclusion for photographing your legally married spouse who is under 18. Not sure if the lower bound is the English 16 or whether it depends on what country you were married in. The Sexual Offences Act 2003 changed the test for 16/17 year olds to the lower threshold of "indecent". Previously that was only a test for under-16s - the 16/17 test threshold was "obscene". Another step in the cultural infantilisation of young adults. Either term, but particularly "indecent", can apparently be very subjective.
It always struck me that pictures of a St Trinian's themed fancy dress party could be deemed to fall into the "appearing under 18" category and the "indecent" test. It must be remembered that over-zealous "morality" police only need "reasonable suspicion" to justify an arrest whose aim is to permit the confiscation of mobiles and PCs for scrutiny.
"As I understand it UK law says you're guilty if in the court's opinion the subject looks underage, even if you can prove that they are not."
So, I presume, then, that if you photograph an underage person so she looks like she's over 18, then it's all fine and dandy, since it's the appearance that matters and not reality?
No? But, but... :P
"This is the first time we've seen images shown – that's very different. It's going for shock value."
Sounds like it. I imagine they intend to prevent the computer illiterate from taking the computer to a shop or having a relative look at it. Depending on the country, just the act of getting infected with this may put you at risk of jail.
To answer my own question, this article by Sophos seems to confirm that they were the ones who censored it. That being the case I'm surprised more hasn't been made of how much trouble this could get the victim in if any traces of those images are left on the computer. They imply some doubt about the girls really being underage, so presumably these aren't the worst sort of pictures imaginable, but still.
How do they manage to hide the financial transactions?
If Credit Cards are involved then at least one Credit Card transaction provider is required (Ogone, Worldpay) etc. PLUS one of the banking intermediaries such as Sixpay PLUS the bank who is actually receiving the final monies.
It's not possible to hide "these" kinds of transactions without a lot of people knowing... So there appears to be more than just these bad guys being dishonest.
(I just gave examples of the companies involved in CC transactions, there are probably a hundred more to choose from)
I think I mentioned it the last time something close to this popped up. What if someone used child porn as ransomware and then compounded the threat by saying if they don't cooperate immediately, they'll relay as much personal information as it can mine to the authorities on the grounds of owning child porn, probably scatter other CP around the drive in ways hard to remove, and then make the user sweat. Now it's either pay up or go to jail (and likely worse). It may even remove itself after a while (but leave the hidden CP) so as to remove the "trojan defense".
If you're asked to remove this virus it could all fall on you. Hear of someone with this virus, refuse to work on their computer as it would require you committing an offense. Direct them somewhere else (Dodgy Competition) and then call the police on the competition. PROFIT!