Sick software nasty uses child abuse pics to extort infected victims

Depraved miscreants are spreading vile ransomware that displays images of child abuse on infected PCs and demands payment to remove them. Typically, this sort of malware pretends to be an official piece of police software and pops up a text message accusing victims of breaking the law - usually for downloading copyrighted …

COMMENTS

This topic is closed for new posts.
  1. The FunkeyGibbon
    Thumb Down

    Really struggling for words

    How do you describe how vile these people are?

    The only thing I can think of that would make me smile is if they pulled this shit on Liam Neeson...

    "I don't know who you are. I don't know what you want. If you are looking for ransom, I can tell you I don't have money. But what I do have are a very particular set of skills; skills I have acquired over a very long career. Skills that make me a nightmare for people like you. If you stop this shit now, that'll be the end of it. I will not look for you, I will not pursue you. But if you don't, I will look for you, I will find you, and I will kill you."

  2. Anonymous Coward
    Anonymous Coward

    These people need castrating....

    1. Michael H.F. Wilkinson Silver badge
      Coat

      Isn't the official phrase "sexecution"?

      1. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    Place your bets

    There's now a bunch of paedos trying to download this malware so they can go "It's not my fault, the malware did it"

    1. Tachikoma
      Unhappy

      Re: Place your bets

      Sadly it wouldn't surprise me...

    2. Alan Esworthy

      Re: Place your bets

      After my initial disgusted reaction to this story, my next thought was just as you point out. I don't understand the down-votes. Will someone who objected please explain?

  4. Evil Auditor Silver badge
    Alert

    Warning

    Nice warning issued by Germany's Federal Criminal Police Office as well: the storing of the displayed pic is criminal possession of kiddy porn. At least, they don't advise to contact a law enforcement agency...

  5. MJI Silver badge

    What about UK?

    Would you be automatically guilty of crimes?

    1. Anonymous Coward
      Anonymous Coward

      Re: What about UK?

      In the UK you are already guilty. We're just waiting for the legislation to catch up...

    2. This post has been deleted by its author

      1. Evil Auditor Silver badge

        Re: What about UK?

        Phil W, is degaussing still state of the art? I'd put rather more trust in a shredder or, for home use, a very hot fire.

    3. Cucumber C Face
      Flame

      Re: What about UK?

      Why bother with the porn?

      For the UK they could just plant a random data file with a size evenly divisible by 512 on the victim's hard drive.

      "That's a True Crypt file - open it if you're not a drug-ped0-terrorist"

      Nothing to hide nothing to fear. Guilty until proven innocent.

    4. Nigel 11

      Re: What about UK?

      Would you be automatically guilty of crimes?

      Probably, if you didn't immediately reach for the factory-restore disk.

      Anyway, could you sensibly do anything else? God knows what else these sick bastards might have infected your computer with!

    5. Anonymous Coward
      Holmes

      Re: What about UK?

      Some info for UK readers concerning offence of "Possession of IIC" and a proven defence based on "unsolicited receipt" aka "blame the computer" that may be relevant. This quote borrowed from the Crown Prosecution Service web site. Full document at http://www.cps.gov.uk/legal/h_to_k/i...s_of_children/

      This quote is not subject to amendment and absolutely does not constitute legal advice. In fact don't believe it at all. Get a lawyer if this concerns you.

      Quote

      In the UK, section 1 of the Protection of Children Act 1978 (PCA 1978) and section 160 of the Criminal Justice Act 1988 (CJA 1988) cover the area of CP/IIC.

      Defence under CJA 1988, Subsection 160(2)(c)

      The defendant must prove both

      'that the photograph or pseudo-photograph was sent to him without any prior request made by him or on his behalf' and that 'he did not keep it for an unreasonable time'.

      The Act does not prescribe what constitutes a 'prior request', nor does it define the parameters of 'unreasonable time'. In particular, it is not clear whether time runs from when the image was received by the computer, or when it was known by a defendant to have been received.

      In R v Porter the Court of Appeal held that

      "an image will only be considered in possession if the defendant had custody or control of the image at that time. If at the time of possession the image is beyond his control, then he will not possess it."

      [Case ref. Porter, R. v [2006] EWCA Crim 560 (16 March 2006)]

      /Quote

      Full document here http://www.cps.gov.uk/legal/h_to_k/indecent_photographs_of_children/

      1. Boris the Cockroach Silver badge
        Big Brother

        Re: What about UK?

        This is exactly the problem myself and some fellow game server admins had when 1 delightful little scrote decided it would be funny to use a child pron spray in game.

        Of course it gets shared to everyone playing on the server at the time, including me.

        After some fairly heated discussion among the admins, the screen shot with the cp blurred out with the scrote's Steam ID, and his IP address was sent to his ISP.

        According to a report we got back from the ISP, mummy and daddy were most surprised to get cut off by the ISP and most unhappy as to why.

        But the big problem for us was how do you go about reporting such things when you're the innocent victim?

        The instant you call the plod and say "I've got cp on my PC sent to me by persons unknown", pc plod will go "he's got cp, let's go nick him and smear his name across the media"

        Anyway... these malware writers when found, should be firmly strung up, although if they're British, they'll get a stiff £50 fine and told not to be naughty.

        1. ed2020
          Thumb Down

          Re: What about UK?

          @Boris the Cockroach

          "According to a report we got back from the ISP, mummy and daddy were most surprised to get cut off by the ISP and most unhappy as to why."

          I don't believe for a second that his ISP, even if they were also your ISP, reported back to you that they had been cut off. I find it even more difficult to believe that they told you what the parents' reaction was (or even if there were parents).

      2. Lamont Cranston

        Re: What about UK? (@aliceklaar)

        That's a very disturbing quote, as it seems to require the accused to prove a negative (that the file in question was sent "without any prior request"), which is impossible.

        1. Yet Another Anonymous coward Silver badge

          Re: What about UK? (@aliceklaar)

          Similarly to proving that some data isn't encrypted when asked for a key.

          The problem is that Mr Orwell's book didn't come with a disclaimer "this isn't legal advice and shouldn't be used to plan legislation"

  6. S4qFBxkFFg
    FAIL

    I think the only solution here is DBANing the drives.

    Correct me if wrong, but due to "strict liability" (in the UK at least) I think anyone with CP on their computer no matter how it got there is committing an offence.

    AFAIK, the only defence is to immediately report it, and probably lose all your hardware until whenever Mr. Plod is finished with it (i.e. sometime after it becomes obsolete).

    If ever there was an advert for computer safety...

    1. Charles 9

      Re: I think the only solution here is DBANing the drives.

      If I were really sick, I'd give them a few hours through which time I'd try to obtain the victim's identity and address. If they didn't pay up, I'd scatter the pron around the drive (perhaps encrypting a few with a password), lock as much as I could, transmit the information to authorities in e-mails and self-terminate to leave little trace that it was malware. Unless the plods were ready to admit the computer was tampered, the victim can now be arrested for possession of child porn (which in most countries is a felony). That would add real fear factor to the scareware: pay or face the end of your freedom.

    2. Anonymous Coward
      Anonymous Coward

      Re: I think the only solution here is DBANing the drives.

      +1 for DBAN. It has served me extremely well over the years.

      These days though I usually leave a copy of Parted Magic around just in case I need to secure erase an SSD.

      (And for HDDs it does come with a copy of Nwipe which is a DBAN fork which can run from Parted Magic.)

      1. moonface

        Re: I think the only solution here is DBANing the drives.

        The U.K. Laws are a joke and are open to extortion and malicious framing. The one case that I remember where there was an attempt to frame a guy with child porn maliciously placed on his computer, was only foiled because the perpetrator was the one that notified the Authorities, which later aroused suspicions. If the perpetrator had been more cunning and fooled a 3rd innocent party into reporting the crime, then the innocent guy would have been toast.

        I certainly believe that there should be strong laws against the financing of child porn distribution. i.e. in my world researching famous pop stars would have their hands smacked for financing deviants but the actual crime of having illegal data hidden away on a machine is madness.

    3. Anonymous Coward
      Anonymous Coward

      Re: Probably lose all your hardware until whenever Mr. Plod is finished with it

      IANAL

      If you're being arrested for pedo offences, they actually fast track you through computer forensics.

      It takes about 2 years to get your kit back if you've been arrested for something else in connection with computers. I don't know if you get your stuff back if you get found guilty of anything.

      1. davyclam
        Mushroom

        Re: Probably lose all your hardware until whenever Mr. Plod is finished with it

        I know how to solve this problem. If you get infected, isolate the ransomware and email it to every politician/bureaucrat you can find.

        Nothing will change until they feel the heat.

    4. Scott Wheeler

      Re: I think the only solution here is DBANing the drives.

      However, if you report CP on your disk, expect to see some repercussions if you ever need a CRB2 check, which is based on suspicion and rumour as well as criminal record.

    5. John Smith 19 Gold badge
      Unhappy

      Re: I think the only solution here is DBANing the drives.

      "Correct me if wrong, but due to "strict liability" (in the UK at least) I think anyone with CP on their computer no matter how it got there is committing an offence."

      Exactly.

      That's what makes this so twistedly brilliant.

      Be a good citizen (and get arrested for viewing and storing CP)

      Or pay up and hopefully never hear from them again (if you can figure out how to fix your system that is).

      I wonder if any politicians who voted for this "There is no excuse for CP being on a computer by accident" law have been hit by this?

      And if so did they come clean or cough up the euros or pounds?

  7. Armitage
    Mushroom

    Nuke it from orbit, it's the only way to be sure

  8. Anonymous Coward
    Anonymous Coward

    Yes I'll get downvoted but....

    "German Society for the Prosecution of Copyright Infringement "

    Christ, they'll bloody copyright anything these days, could make for an "interesting" court case....

    1. Justice
      Headmaster

      Re: Yes I'll get downvoted but....

      They have a society specifically set up for this??? Sounds a bit extreme.

      Is it run by a small Austrian guy with a unique mustache?

    2. Anonymous Coward
      Anonymous Coward

      Re: "they"

      "They" don't "copyright" anything.

      Copyright is automatic.

      The word is a noun, not a verb.

  9. DrewG

    Seriously?

    This is incredibly twisted.

  10. Luke 11
    Mushroom

    Paedoware

    The poor unfortunate whose computer this will appear on will no doubt cr@p their pants. We had an instance of someone's laptop being hijacked the other day by a virus called PCEU. Effectively it told the user they had copyrighted material on their machine and had to pay $100, at which point it would be unlocked.

    Service desk removed the disk, threw it in the bin and relied on WDS and SCCM to rebuild his laptop (SSD Disk) in about 8 minutes.

    Unfortunately the average user doesn't have people like this to assist and could easily be duped out of hard earned money, taking the machine to a shop or getting someone in to remedy the issue could lead to awkward questions and assumptions about the user. Knowing what I do I could fix it myself but if I were Mr. Benson the single 50 year old man with a grumpy dog and no friends and little computer knowledge I might take the offending machine into the garden and terminate it.

    The people who publish this sort of malware (any is obviously bad) should be treated as paedophiles and exposed as such. To be honest I'm in favour of a good old fashioned hanging for them. All paedos, including the ones 'doing it for research' should be exterminated.

    1. Lamont Cranston
      Unhappy

      Re: Paedoware

      Can I upvote all of your post, but make an exception for the part where you advocate hanging people?

      Hmm, I was going for "against capital punishment," but have managed "paedo-sympathiser," instead.

      1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: "terminate it"

      If you had little computer knowledge you would probably not be aware this was necessary nor have the technical ability to accomplish it effectively.

    3. VinceH

      Re: Paedoware

      "Knowing what I do I could fix it myself but if I were Mr. Benson the single 50 year old man with a grumpy dog and no friends and little computer knowledge I might take the offending machine into the garden and terminate it."

      I popped into a client's office the other week, and it looks like they were hit by the very malware under discussion. The computer that was usually there was gone, with another one in its place - but it wasn't new, so obviously not an upgrade.

      On asking, the woman there told me that the director was using it a few weeks ago and got a warning on screen as per the article. Not being IT savvy, the director wanted to pay up - but the woman pointed out that if he did, the chances are the card would then be cleaned out.

      So what they did instead is what your hypothetical Mr Benson would do, and she brought her own computer into the office to use instead.

      The sad thing is, if they'd just put it to one side, I could probably have fixed it. Oh well.

    4. Anonymous Coward
      Anonymous Coward

      WDS and SCCM ...

      Why don't the people that sold him SCCM make a 'computer' that isn't so easily hacked?

  11. Anonymous Coward
    Anonymous Coward

    Follow the money?

    How is the user supposed to pay the "fine", bank transfer? Paypal? Snail mail?

    Wouldn't it be more effective for the banks to block money transfer to suspicious accounts abroad?

    1. ukgnome
      Unhappy

      Re: Follow the money?

      You would think that following an electronic trail to these bastards would be easy.

      1. Infect Computer

      2. Start process to pay

      3. Track payment

      4. Issue warrant to bank \ service provider

      5. Arrest \ kill these vile wankers!

      6. Nice cup of tea and a biscuit for a job well done!

      1. DragonLord
        Headmaster

        Re: Follow the money?

        Unfortunately most of these people use mules who then make western digital transfers (or similar) which are currently untraceable (you can get which branch it was taken out of if you can a trace on the transaction before it was withdrawn, but no information about who withdrew it)

        1. Anonymous Coward
          Anonymous Coward

          Re: "Western Digital"

          I am shocked to hear that such a reputable organisation would be supporting the distribution of child pornography.

          I for one will certainly not be purchasing any more hard drives from them.

        2. csumpi
          WTF?

          Re: Follow the money?

          "which are currently untraceable"

          You don't seriously believe what you are saying, right?

          You are either young and silly, or you wrote this piece of malware and are wishful thinking. Or both.

        3. Yet Another Anonymous coward Silver badge

          Re: Follow the money?

          I think you might mean "Western Union" rather than "Western Digital"

          Most of the "make money from home" jobs you see advertised are for forwarding stolen goods or cash. You get the stuff delivered to you from amazon on a stolen credit card and forward it onto another person - you are the one the police trace. Same with wire transfers of dodgy money.

      2. Anonymous Coward
        Coat

        Re: Follow the money?

        Not that easy...There are many persons of interest, but you are required to operate within the legal frameworks. As for locations check out the 2012 INCSR: Major Money Laundering Countries report http://www.state.gov/j/inl/rls/nrcrpt/2012/vol2/184112.htm and scroll down to the Countries and Jurisdictions Table.

        Just pick somewhere with more interest in numbered accounts and money handling fees than international sabre rattling. Generate a few fake personas and businesses for Mr Smith & Mr Jones and you are good to go racking up the air miles to open accounts, etc.

        With a bit of luck the Machine won't see you.

    2. jubtastic1
      Big Brother

      Re: Follow the money?

      I've never been asked to design anything as complex as a system for international money transfers, but if someone had asked I'd have started from the foundation that any system connected to the network had to ensure that all transactions were fully logged and traceable, so that in the event of fraud, laundering or theft it would be easy to see where the money went, who authorised its movement and ultimately who removed it from the system.

      Now some institutions would no doubt baulk at such requirements, given that their business model relies upon not sharing what their clients do with their money, or who their clients even are for that matter, that would be fine, their clients would simply have to personally move their money into such institutions by withdrawing it in cash at a compliant institution, which would fully document the withdrawal, and then deposit it in cash into their Swiss chosen bank, with a similar arrangement for moving money back into the system.

      A pain for some to be sure, but locking out banks that lose money trails would make most of the losses from fraud stop overnight and raise the risk of being caught from zero to something real. But it seems that would screw up a lot of 'legitimate' fraud and laundering as well so we don't do that and scams like this remain easy, almost risk free endeavours as a result.

  12. Wombling_Free
    Alert

    Yikes.

    No, I am Not A Lawyer.

    Under Australian law - you're screwed. Get caught with CP and they assume you're guilty; your trial is pretty much a formality & sentencing (serious gaol time, and THEN permanent CP register - good luck living more than 5km from children...). If it's on your drive, it's yours. You get to try to prove it isn't - the courts don't seem to need to prove you guilty. Nasty, and I'm surprised it hasn't been used more often against politicians etc, but maybe we'll see a rise in this sort of trap soon.

    Can a HDD be recovered after the platters have been hammered and blow-torched?

    1. Davie Dee

      Re: Yikes.

      "Can a HDD be recovered after the platters have been hammered and blow-torched?"

      Hammered OR blow torched, I don't know about together but with the guilty regardless of the truth that the law takes on this matter I'd not want to test that out!

    2. Evil Auditor Silver badge

      Re: Yikes.

      If done properly, no. The CP and all other data will be gone to the data nirvana, or hell for that matter.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yikes.

        Thermite is relatively easy to make and does the job quite well. Not indoors though....

    3. Anonymous Coward
      Anonymous Coward

      Re: hammered and blow-torched

      Remove the platters and polish them with an angle grinder with a 60 grit disc.

    4. Anonymous Coward
      Anonymous Coward

      Re: "good luck living more than 5km from children"

      It seems strange that in Australia you would be forced to reside close to children after being convicted of such heinous offences?

  13. Anonymous Coward
    Anonymous Coward

    Very very low!

    I have seen a watered down version of this on a friend's PC. No images on the warning, just stating that he had been browsing that kind of porn and that he had to cough up £100 fine, it did hijack the webcam and have a picture of him on the warning. I've known him for a good many years and know he wouldn't do that, and anyone that earnestly believes the sentence for viewing child porn is as simple as £100 fine needs their head examined.

    This particular one wasn't too aggressive to remove. It still popped up in safe mode but I was able to open up system restore from a command prompt and roll it back then get rid of the rest piece by piece.

    1. Anonymous Coward
      Anonymous Coward

      Re: Very very low!

      You used Windows, it's not a secure OS. You deserve these problems

  14. Anonymous Coward
    Anonymous Coward

    The malware authors ARE distributing CP. On the other hand, tracing the payments will be hard, the bankers are very fond of their cut of the proceeds of crime whether it's 1.8% of a hundred Euros or hundreds of millions of Dollars. (yes HSBC, I'm talking of your illegality).

  15. Cucumber C Face
    FAIL

    Thought experiment

    If the malware had placed a picture of a murder being committed onto your hard drive it would be an evil and unpleasant act.

    However would you thereby be placed in a position where you would be accused of murder?

    1. Lamont Cranston

      Re: Thought experiment

      No.

    2. Atonnis
      Stop

      Re: Thought experiment

      No. Simple answer: having pictures of a murder is not illegal.

  16. Anonymous Coward
    Anonymous Coward

    How about...

    Place a piece of card over the (majority of) the offending image (but not the demand for cash/fake plod logo) and use a separate device (analogue or digital camera) with date stamp (and/or a newspaper with date on, in shot) to record the fact said thing popped up demanding money.

    Store image in VERY safe location.

    In the event an investigation DID occur, you at least have some proof that you were being extorted at the time, but were potentially scared to report it for fear of media etc repercussions.

    Then rebuild the machine, post DBAN.

  17. Vladimir Plouzhnikov

    At last!

    Someone has thought of the children! Err... wait a second...

  18. Thomas 4

    Well....

    What exactly stops someone taking a screenshot of the fine pop up window, either with a camera or print screen and then taking the PC to the cop shop? It'd be strong evidence in your favour that some bastard dumped it on your PC.

    1. Yet Another Anonymous coward Silver badge

      Re: Well....

      Yes, then all you have to rely on is sympathetic police more interested in a fruitless pursuit of an untraceable international gang than just nicking you. Followed by a trial in which a judge and jury both understand the technology and believe a child pornographer is innocent until proven guilty - in spite of what the home secretary says.

    2. Ron Christian

      Re: Well....

      There was an incident like that written up in Slashdot awhile back. The guy took his PC to a PC shop (admittedly not a cop shop) and complained that all this porn had been loaded on it. Was promptly arrested on child porn charges. It probably depends on the local laws and specific circumstances, but generally, bringing in the police may not solve your problem.

      I'd be tempted to wave goodbye to all my stuff and completely scrub the disk. Or maybe microwave it for a few minutes and buy a new one.

  19. Anonymous Coward
    Anonymous Coward

    Nuke it

    Pull your hard drive and destroy it. If you report this to your local flatfoot they will arrest you, impound all your equipment and charge you with whatever the local district attorney wants to throw at you. By the time the computer is examined by forensics you will be tens of thousands in debt with a destroyed reputation. 100 bucks for a new western digital is cash well spent.

    That and kill the ringleader if you are Liam.

  20. Atonnis
    Devil

    Anonymous...

    ...would, despite the opinions of some people, probably be the ones to appeal to here. They have a history of semi-ethical-driven behaviour. It'd be an applaudable act if they tracked these scum down and made their names and addresses known to the public and legal authorities, along with pictures of them, if possible, and their social networking addresses....

  21. Anonymous Coward
    Anonymous Coward

    Is this the new KP distro method?

    Are the pix all the same for every incident, or different? I mean, this could just be a cover for a KP distro ring, you pay up plus 1p, and they "reinfect your machine".... and you can claim to the plods that it was an infection not mental deficiency, as referenced by TheReg article on this sort of, er, "scam".

    It is not like there will be a screen shot of the KP to compare after all, so all the images could be different and no one would know. What a plan.... perhaps I could make money off by getting a worldwide patent then suing the perps for infringement when they are caught?

    (BTW the latest in America is that anyone caught with KP on their machines, has to pay damages to the underage participants. For each and every image. So not only do you get to carefully carry the soap in the shower but if you get out, you won't have enough cash to buy a donut to sit on).

  22. Ron Christian
    WTF?

    wait wait wait...

    > The ransomware sports logos of the German Federal Office for Information Security (BSI) and the German Society for the Prosecution of Copyright Infringement (GVU) to lend an air of authenticity to proceedings.

    So... there's kiddie porn on your computer, and you're supposed to believe that the government is concerned about copyright infringement?

  23. Anonymous Coward
    Anonymous Coward

    No choice. Has to be immediate destruction of hard drive.

    Congratulations 'Think of the children' extremists. You've just ensured that a bunch of really despicable criminals will never be traced.

  24. Old Handle
    FAIL

    It was inevitable

    This is (another reason) why information should never be illegal. By making simple possession of an image a crime, governments have literally put a weapon into the hands of cyber criminals.
