New Ransomware Tracks Your Browser History
A new variation of ransomware is capable of checking a users browsing history and leveraging that information within a fake law enforcement warning.
According a malware analyst that goes by the handle Kafeine, the ransomware shows a message with the logos of the US Department of Justice, Homeland Security, and the FBI, and includes information such as the user’s IP address, host name, and the URL of a porn website (not necessarily illegal) that the user has recently visited.
It does so by checking the browser’s history, comparing the sites it finds there with a remote list, and if it discovers a matching website URL, it displays it in the warning message..
—net-security.org | April 2, 2013 | Zeljka Zorz
The authors of police-themed ransomware are constantly trying to improve their success rate and this is just the latest in a long series of tricks they have added. Some variants are actually using the computer’s webcam, if one is present, to take a picture of the user and include it in the message in order to give the impression that the authorities are recording the user. Another variant gives victims a deadline of 48 hours to pay the made-up fine before their computer drive is reformatted and their data is destroyed.
—infoworld.com| April 1, 2013 | Lucian Constantin