Trend Micro reports that the recent spate of ransomware infections in the U.S. is at least partly due to the conversion of a series of "Police Trojans" that have successfully extorted "fines" from European users by posing as anti-piracy enforcement apps distributed by law enforcement agencies.
The malware, distributed via email and compromised websites, installs itself and then locks up the victim's computer by replacing the master boot record with one of its own. Every time the machine boots, the Trojan halts the boot process and displays a screen styled as an official police warning, telling the user that they have been caught using pirated content or applications and will not be allowed to use the machine until they pay a "fine" of 100 euros to an online account.
There is a different version of the Police Trojan for each country that adds the local language, correct names for local anti-piracy laws and national anti-piracy law enforcement agencies and other details that differ from country to country.
The extra effort required to research and include the proper agencies, logos, laws, relatively untraceable online money transfer services and other details appears to be the main reason Police Trojans took nearly a year to migrate to the U.S., according to Trend Micro.
Police Trojans are unusually successful because they address the guilty insecurity of users who may or may not have pirated content on their machines and because they keep users from doing anything with their computers until they pay up or figure out how to de-activate the Trojan.
Even then, many may not realize they're dealing with a scam run by a Russian organized-crime gang rather than with U.S. authorities leaping into the spirit of the no-due-process searches and prosecutions of citizens contained in the CISPA cybersecurity bill, which was approved by the House last week and goes to the Senate for debate later this month.
Trend Micro also notes that the mastermind of the plan may have been a man arrested Nov. 8 after a two-year investigation by the FBI, NASA and Estonian police.
The people behind the Police Trojans turn out to be the same Eastern European gang that launched a series of fake antivirus ads during the past few months, which took effective advantage of the new malware fears of Mac users to get users to pony up for antivirus software that either never arrived or turned out to be more malware than software.
Here's a link to the Trend Micro PDF, "The Police Trojan," which gives a much more detailed discussion of the malware payloads and the gang distributing them.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.