“Attention!!! Your operating system is locked due to law violation. Your IP address was used to visit websites containing pornography […] This computer lock is aimed to stop your illegal activity. To unlock the computer you are obliged to pay a fine.” Signed: the local/national law enforcement agency [in your country].
If you ever get a pop-up window on your PC with this message, don’t panic. It’s all scam – you’ve done nothing wrong, the violation claims most likely have nothing to do with you and it’s not the police that’s behind them. Such pop-up windows are just fake warnings prompted by a pesky Trojan that gets past a computers’ antivirus program – if it has antivirus protection, at all – installs itself on the computer and blocks its contents. Then, in order to unlock it, the scared users are urged to pay a fine, usually via payment systems such as Ukash, PaySafe or any other locally available. In other words, they are victims to ransomware attacks. And the tool cybercrooks use to prompt these attacks is the malicious software that security experts have called the “Police Trojan” or the “Police virus”.
These attacks started in early 2011, and the main targets were mostly developed countries in Europe. One year later, they crossed the Atlantic, affecting users in the US and Canada. Later on, in July-September 2012, Australia was hit as well. Note, however, that these attacks have continued in all these regions, over and over again.
How does the Police Trojan work?
One thing’s for sure – it’s sneaky! A Police Trojan infection is usually the result of a drive-by download: a user visits or is redirected to a site with adult or gambling-related content, which hosts the said Trojan; next, due to browser vulnerability, the Trojan downloads itself on the user’s computer that has poor or no antivirus protection at all. Once installed, it takes over the computer, blocks specific files or the computer altogether. At which point, it prompts the scary message, requesting ransom in exchange for “freeing” the computer.
The first variants of the Police Trojan would only block .doc files, by encryption. As the attackers expanded their scope to reach more and more users from different countries, they gradually added more scary elements to the whole charade. In some scams they used a more sophisticated encryption system, while in others, they programmed the Trojan to take over the users’ web cams, take pictures of them or their empty chairs and insert them into the warnings along with the line “Video recording”. Although there was no recording, the photos made the users believe they were monitored by the police and added more authenticity to the scams. This, in turn, prompted them to act with urgency: they paid the so-called fine.
Points to consider
Noteworthy is that the message displayed in these Police Trojan attacks varies according to the country the infected user is from – it is written in the official language of the respective country and accompanied by the official logo, symbol, motto and name of the local/national law enforcement agency. For example: “Guardia di Finanza – Insieme per la legalita” (Police Trojan targeting Italian users), Metropolitan Police – Working together for a safer London (targeting users in London, UK), “Computer Crime and Intellectual Property Section, United States Department of Justice”.
The localized versions of the Police Trojan scam are solid proof that these attacks are not the work of rookie cybercrooks, but that of a far more experienced organized groups that make big money out of scaring users into “bailing” their computers out. Yet another proof that a computer without an antivirus program or with poor antivirus protection can lead to money draining out of your pocket right into criminals’ pockets, also leaving your computer potentially damaged even after it’s unlocked.
If the above do not convince you that protecting your computer with effective antivirus software is mandatory, just consider this as well: the fact cybercrooks have unleashed more sophisticated variants of the Trojan in more targeted attacks, proves their active intention in keeping the whole charade going on for as long as possible. So you might expect them to user further, more diverse scare tactics in the future.
Officer, please show me your badge!
Scareware is meant to do just that: scare you. If such “official” messages that look as coming from national security/law enforcing bodies appear on your desktop, in your e-mail inbox, or even in your Facebook notifications, apply common sense. National bodies would never make use of such means to let you know of some illegality that you might’ve committed. Just to be sure, address and check with the respective body in person or by phone.
Here’s a couple more tips to stay safe from such ransomware and scareware.
- If you ever get such messages, keep calm and look for spelling and grammar mistakes – National bodies ensure that their communications are correctly written. Also, they would never ask you to pay fines using such payment systems as Ukash vouchers.
- If your computer shows signs of such infection, the Trojan can be manually removed. So address the issue to a security expert or a person with experience in removing viruses and other malware.
- As prevention is better than cure, make sure you have an effective antivirus program installed on your computer that can spot a virus before it can get to your computer. BullGuard Antivirus 2013 comes with multi-layered antivirus protection that incorporates traditional Signature-based and state-of-the-art Behavioural Detection to spot all types of malware, even the newest variants. Add to that a Safe Browsing feature that flags all malicious web pages in your Search results and on Facebook, and you got yourself an antivirus system that’s virtually impenetrable.
Remember: don’t cave in to accusations of crimes you know you didn’t commit. Also, get BullGuard Antivirus 2013 to surf the web safely and with confidence!