SophosLabs: ComputerWorld today reports that the UK’s Metropolitan Police has warned Windows users of a malware attack that poses as a message from the computer crime-fighting cops themselves.
The ransomware attack attempts to lock the computer and, posing as an official notice from a law enforcement agency, claims that the victim’s PC has been determined to have visited illegal websites.
Only payment for a fine, claims the message, will restore the computer’s functionality.
Various versions of the alert messages have been seen – here’s one example:
Part of the poorly-worded alert reads as follows:
The process of illegal activity is deleted. According to UK law and Metropolitan Police Service and Strathclyde Police investigation your computer is locked!
The following violation is detected: You IP-address “[redacted]”. Forbidden websites containing pornography, child pornography, Sodomy and called violence against children on, violent material toward people were visited from this IP-address!
Moreover and e-mail spam was sent you’re your computer, emails containing terroristic materials. This locking serves to stop your illegal activity.
To release a lock your computer you should pay the fine in amount of £100. In the case of ignoring the payment, the program will remove illegal materials while keeping your personal information is not guaranteed.
Of course, it’s very likely that you haven’t been visiting extremist websites or viewing child abuse material. That may just be the hook used by the fraudsters to trick you into taking the warning seriously.
Ransomware is nothing new. We’ve seen plenty of examples in the past where cybercriminals have duped users into coughing up cash in order to get their computer working properly again.
But the threat of legal action, and what – at first glance – might appear to some computer users to be a sign that they are in trouble with the police, could be enough to scare some into electronically transferring funds post haste.
The police recommend that anyone who is duped by the scam should contact their credit card company immediately, and underline that they would never use such tactics to make contact with the public or demand funds.
It’s likely that the messages are appearing on computer users’ screens because they have become infected whilst visiting compromised websites, or have been duped into installing malicious software onto their computer.
Sophos has linked Mal/Bredo-Q to some of the reports we have seen of this particular ransomware attack, but of course it’s perfectly possible that malicious hackers could use other malware to display the same or similar messages posing as police warnings.
As always, keep your security patches and anti-virus solutions updated, and your wits about you.