A new Trojan, Kenzero, is spreading from Japan through P2P networks. The malware threatens to expose infected users' Internet history to the public unless they pay a $10 "copyright fee".
The Trojan is disguised as an installation file for an adult Hentai game, shared on the popular Japanese Winny P2P network, which has over 200 million users. When a user tries to install the game, a registration screen appears, demanding personal information: name, email, gender, birth date, phone and address.
In the background, however, the Kenzero Trojan collects additional information from the infected computer:
- computer name,
- domain name,
- OS type,
- local time,
- clipboard content,
- file use history,
- Internet Explorer favorites.
Along with this, the Trojan encrypts the documents, pictures and music stored on the affected computer.
Figure 1. Bogus Hentai Game
After collecting the private data from the affected PC, the malware publishes all of it on a public Web site owned by a shell company, Romancing, Inc. The user then receives a blackmail email from the same company, threatening a court case for copyright theft. The extortionists demand a $10 "copyright infringement fee" for removing the personal data from the public Web site and decrypting the encoded files on the victim's PC. It is known that over 5,500 people have been caught out in this scam.
Last week, a similar attack was spotted in Europe, where a non-existent ICPP Foundation made demands of $400 for copyright infringement.
If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a reliable antimalware solution to defeat the threat. Avoid P2P networks and download the content you are interested in only from the official Web sites of its creators.