Porn fans free again after police ransomware disrupted

by Jimmy Nicholls | 29 July 2014

Kaspersky says as many as 200,000 mobile users could have been exposed.

The Koler ransomware campaign that targets mobile visitors to porn sites has been disrupted, according to security firm Kaspersky.

The malware threatened victims running Android with a message purporting to be from local police, demanding between $100 and $300 to unlock the device, even though no files were encrypted by the virus.

Vicente Diaz, principal security researcher at Kaspersky, described the campaign as "well organised and dangerous".

"Dozens of automatically generated websites redirect traffic to a central hub using a traffic distribution system where users are redirected again," he added.

"The attackers can quickly create similar infrastructure thanks to full automation, changing the payload or targeting different users."

The campaign relies on apprehension among victims about being caught watching porn, with the infectious app tellingly named "animalporn.apk".

Koler's command and control (C&C) server was reconfigured to send uninstall instructions to victims, causing the malware to be deleted, according to the firm.

180,000 people are thought to have been exposed to the campaign, with 80% based in the US and much of the remainder in Australia, the UK and Canada.

Kaspersky believes that the group responsible for the campaign is also behind Reveton, which takes a very similar form to Koler, and expects similar campaigns to be "the norm" in the future.
