AllInfo

Virus disguises itself as a police message

A new virus imitates messages from the Dutch and German police. Users get a notification that they have engaged in ‘illegal activities’ and must pay a ‘penalty’ to regain use of their PC.

Based on the IP address, the Windows virus determines which country a user is in, and then displays a purported message from the national police force. The virus locks the computer; users are told that their computer has been used for illegal activities, such as downloading child and animal pornography. Supposedly in order to use their PC again, users must pay a ‘penalty’ using Ukash. After the payment is made, however, nothing happens: the PCs remain locked. Moreover, the virus empties the user's Ukash wallet.

As far as Microsoft can estimate, around 28,000 people have been infected with the ransomware. The largest share of the infections, more than nine in ten, was in Germany. The exact number of Dutch infections has not been published, but it is relatively small. The fines that the software forced people to pay varied: in the Netherlands the software asked for 100 euros, while Germans had to pay between 50 and 250 euros.

Ransomware is not new, but as far as is known, malware has not previously disguised itself as a message from the police. Incidentally, that disguise is not always convincing: in the Netherlands it consisted of the tricolor with the letters ‘Police’ on it, while in Spain an incorrect name for the sheriff’s department was used.

The virus is installed when a user visits a legitimate web page that has been infected with JavaScript from the attackers. That JavaScript code causes four different plugins to be loaded: if one of them is vulnerable, the malware is installed. The malware exploits vulnerabilities in Adobe Reader, Flash Player and the Java Runtime Environment, as well as a vulnerability in old versions of Windows. As far as is known, the malware works on other operating systems.

The virus does not make use of zero-day exploits, which target vulnerabilities that were not yet known. Users can avoid infection with the virus by keeping the software on their PCs up to date.
