Browser ransomware still active on porn sites; 50 countries affected

A global malvertising campaign is targeting porn site visitors from some 50 countries with demands for ransom to unblock their browser, Bitdefender research shows.

Web visitors from the US, Denmark, Australia, Romania, Germany, Spain, France, Finland, the Netherlands and some 40 other countries are being redirected to a fake web page that requests money to restore access to browser functionalities.

The campaign, despite being first documented in August 2015, remains active. The ad server is still up even though the ad network was allegedly notified. Users browsing adult sites like xHamster are redirected to the malicious website after accessing an ad for the Sex Messenger dating app, served by online advertising company TrafficHaus.

We have seen a connection between the content displayed by sexmessenger.com and the malicious site. When not opened in Internet Explorer, it redirects to other web pages.

This could mean that attackers are using an IE vulnerability to detect that traffic is coming from real users and not from security sandbox or honeypot environments. After the presence of Internet Explorer is detected, users are redirected to this page.

Fig. 1 Fake message in English

An alarming message claims the browser is locked and all the user’s files are “arrested” and encrypted. The scammers are requesting the equivalent of 100 euros or 500 dollars to be paid in less than one week, otherwise files remain inaccessible and legal action will be taken against the user.

“No malware is really executed on the machine, so encryption does not take place,” says Alexandru Rusu, malware researcher at Bitdefender. “Technically, this is not ransomware, it is a type of scareware that urges inexperienced users to pay up simply because their browser window is blocked.”

The browser page does not close, even if the user pays the requested amount. To close the IE process, users simply need to open Task Manager through Ctrl+Shift+Esc. For Windows 8, right-click on IE > End Task.

Users are advised to use an ad blocker tool to remove potentially malicious advertising and an efficient security solution to block malicious URLs and cyber-threats.

This article is based on the technical information provided courtesy of Bitdefender malware researcher Alexandru RUSU.

About the author

Alexandra GHEORGHE
