BKA Trojan Expands Internationally


The BKA Trojan, also known as the Ukash or Paysafe Trojan after its preferred payment methods, is by no means active only in Germany. In the U.S. it poses as an FBI lock; in Portugal it claims the computer has been locked by the Polícia de Segurança Pública Portuguesa. The site botnets.fr has logged some variants in a gallery under the name "Reveton". In the U.S. it is currently so widespread that the FBI warns about the malware in detail on its website.

The U.S. Internet Crime Complaint Center reports a veritable avalanche of complaints. The business with guilty consciences is evidently doing well: many people pay first and contact the agency supposedly responsible for the lock screen only afterwards, because their computer has not been unlocked. Depending on the variant, the Trojan demands $100 or $200, payable by "MoneyPak" or "Paysafecard".

As in Germany, the international variants accuse the victim of both copyright infringement and possession of prohibited pornography. The text is usually somewhat clumsy: the British, Canadian and American versions, for example, misspell zoophilia as "Zoofilia", the spelling common in Romance languages. Some variants can embed a live webcam image in the lock screen. According to current knowledge, this image is not streamed to the internet; it serves only to intimidate: "We are watching."

Paying the ransom gains the victim nothing: the Trojan merely sends the payment data to a control server, while the infected PC remains locked. Removing the Trojan is not trivial; the Anti-Botnet Advisory Centre website provides tools and guidance for disinfection. Some versions even encrypt the user's files. Reveton is normally neither the only nor the first piece of malware on the infected computer. In most cases, all access credentials, passwords and licenses stored on the PC have already been siphoned off.

The Trojan usually gets onto the computer through a vulnerability in browser plug-ins such as Flash, Java or Adobe Reader; on Windows XP machines in particular, the BKA Trojan often has an easy time. Adobe Flash 11 now has an auto-update feature on board that checks daily for updates. Oracle's Java plug-in, on its own, looks for a new version only once a month. This frequency should in any case be increased by hand. Anyone who does not actively use Java should uninstall the plug-in without replacement.

It is still unclear whether the numerous Reveton variants are all controlled centrally or distributed by several international groups. GVU spokeswoman Christine Ehlers speculated boldly in a blog post that the operators of the streaming site Kinox.to could be behind the wave of Trojans. She provides no evidence for this, however. Several versions of the German variant of the extortion Trojan present themselves in the name of the GVU, the Society for the Prosecution of Copyright Infringement; elsewhere in the world the Trojans consistently pose as a state authority.
