German ransomware threatens with sick kiddie smut

Security technicians at Sophos are poring over a new piece of ransomware that uses images of purported child sexual abuse to extort money from internet users, a discovery that has prompted an alert from the Internet Watch Foundation (IWF). The malware activates when a user is online, and opens a browser-locking screen that …


This topic is closed for new posts.
  1. Anonymous Coward

    Been around a couple of months at least

    El Reg has even reported on it

    1. Anonymous Coward

      It would be worse

      If here in the UK the ransomware found on your computer said 'Pay up now or you will be exposed for looking at German Porn sites of hairy arm-pitted and unshaven legged German women.'

  2. Christoph Silver badge

    Very dangerous indeed

    The real nasty with this is that the person who sees it may assume that other family members have been viewing the pornography. The results could be horrible.

    1. Greg J Preece

      Re: Very dangerous indeed

      Actually, the real danger is from the UK's hysterical attitude to child protection. Simply by viewing the images, you are immediately made into a criminal worthy of registration on the sex offenders register. I doubt whether you wanted to view them or not makes much of a difference, given previous idiocy.

      1. Anonymous Coward

        Re: Very dangerous indeed

        That is the running concern with strict liability offences. "No one reasonable would assume that I meant to download this." Which is a pretty brave assumption as only an idiot croons "nothing to fear, nothing to hide".

      2. fearnothing

        Re: Very dangerous indeed

        "Simply by viewing the images, you are immediately made into a criminal worthy of registration on the sex offenders register."

        Not the case. The acts involved in this do specify that intent is a necessary component for it to be a criminal act. If a virus flashes up indecent pictures on your screen without your input, that is not a criminal offence. In fact that's the very core of the so called 'Trojan defence'. I know of one case where that defence was proved to be valid (and many others where it was complete bull).

        Now if you meant the Daily Wail's hysterical attitude to child protection, I'll go along with that.

        1. Anonymous Coward

          Re: Very dangerous indeed

          However, the Police's attitude and 'sensitivity' has often been lacking.

          I get asked sometimes by customers what I would do if I found a customer's PC had such images on it.

          My honest answer would be "nothing", initially. If I reported it into the cops, I can imagine the next thing that's happening is a couple of vans turning up outside my home and ALL the PCs and laptops (got to be sure) being taken out in clear plastic evidence bags for the neighbours to see and rush to conclusions over.

          That kind of sh*t sticks!

          So now I'm a suspected kiddy fiddler and I have no equipment to run my business on. Nor does my other half as they took all hers too. Result.

          No, I'd hand the PC back to the customer, tell them never to call me and then an anonymous tip-off might be reported in via a pay phone.

          1. Suricou Raven

            Re: Very dangerous indeed

            All the PCs, laptops, external hard drives, CD/DVD-R, and your mobile phone. It isn't practical to go through everything in forensic detail at the scene of the crime, so standard police procedure is to confiscate anything and everything that could be used to store data and hold it until the specialists have done their thing.

            I'm with you on this. If I ever come across child porn, I'm going to ignore it. I don't want to get pulled into an investigation for something like that.

        2. Graham Marsden

          @fearnothing Re: Very dangerous indeed

          "The acts involved in this do specify that intent is a necessary component for it to be a criminal act."

          Whilst that is technically true, the fact is that the Police and CPS in cases like this act on the principle of "Presumed guilty unless you can prove your innocence".

          Meanwhile all your computer gear, DVDs, CDs, videos, mobile phones, memory sticks and anything else have been confiscated for analysis (which means you'll not see them again for at least six months to a year and they'll often be buggered by the time you do get them back), some "concerned copper" will probably have leaked the story to the press and told your neighbours that you're a suspected kiddy fiddler, and you'll end up with a huge legal bill...

  3. Gordon Fecyk

    Is the scary part just a page in a browser?

    That's all the screen shot example shows.

    Even if this were a redo of the FBI scareware, SRP and non-admin accounts would go a long way to prevent it and anything like it.

    (I have room for lots of downvotes. :-p)

    1. El Zed

      Re: Is the scary part just a page in a browser?

      '.. SRP and non-admin accounts'

      Ah, non-admin accounts.

      Having a relative's machine with, from the description, a UK version of this beastie to disinfect sometime this morning (looks out window, sees it's rather a nice day, so maybe I'll postpone this till late Sunday), here's a story regarding the potential ineffectiveness of non-admin accounts. I set up this machine the last time it got infested several months ago with the standard user account being non-admin, and another account called 'install' with admin rights for the express purpose of installing/updating software only.

      Fast forward to the conversation a couple of days ago when the relative first mentioned the current problem, where eventually I got out of them the fact that basically they'd been using the 'install' account rather than the standard user account to run everything... something to do with they hated having to remember and type in the password 'every time something said it required an account with administrator permissions'. I asked WTF were they running which kept saying that? Response was the somewhat vague 'stuff off the internet', aaargh!

      So, non-admin accounts, nice idea in theory, so long as either

      a. people can be relied on to act sensibly with the admin account you need to create for them to do software installs etc.

      b. you want to take control of administering their machine on a daily basis. (I should add at this point that the relatives whose machine I'm talking about here live 25 miles from me.)

      Ah well, 'tis the curse of being family IT support, I suppose. It's not as if I've better things to do on a sunny weekend (he says, as he switches off phone, grabs camera gear and runs..)

      1. Paul Crawford Silver badge

        Re: Is the scary part just a page in a browser?

        The weakest link is usually the user.

        I gave up on supporting Windows for family friends for exactly the same reason.

        Now they get Linux and it's fine. The odd complaint about not being able to do something, play some game, etc, but until those malware ba*tards decide Linux is lucrative enough to target I have but a fraction of the call outs to deal with screwups.

      2. Gordon Fecyk

        Sucks to be in your family then.

        A applies. B, well, that's not my fault.

  4. joeW

    Devious and Disgusting

    But they're running an even higher risk than run-of-the-mill ransomware perps. I imagine that if they're busted, they'd also get done with distributing kiddie porn as well as the normal criminal charges.

    Here's hoping, eh?

    1. Crazy Operations Guy Silver badge

      Re: Devious and Disgusting

      That is assuming the images are actually of children, there are pornographers that specialize in making 18+ women look like they are young children; as disgusting as such things may be, they are still legal.

      <- Such people really need to be thrown into a fire.

      1. Christoph Silver badge

        Re: Devious and Disgusting

        As I understand it UK law says you're guilty if in the court's opinion the subject looks underage, even if you can prove that they are not.

        (Presumably that means someone could be done for photographs of their young-looking wife?)

        1. Tom 35 Silver badge

          Re: Devious and Disgusting

          Even a drawing is enough it seems.

        2. Yet Another Anonymous coward Silver badge

          Re: Devious and Disgusting

          >if in the court's opinion the subject looks underage, even if you can prove that they are not.

          So what about Angus Young - AC/DC's not-so-young school uniform wearer?

          1. Winkypop Silver badge

            Re: Devious and Disgusting

            Angus does pron?

        3. Anonymous Coward

          Re: Devious and Disgusting

          There is a legal exclusion for photographing your legally married spouse who is under 18. Not sure if the lower bound is the English 16 or whether it depends on what country you were married in. The Sexual Offences Act 2003 changed the test for 16/17 year olds to the lower threshold of "indecent". Previously that was only a test for under-16s - the 16/17 test threshold was "obscene". Another step in the cultural infantilisation of young adults. Either term, but particularly "indecent", can apparently be very subjective.

          It always struck me that pictures of a St Trinian's themed fancy dress party could be deemed to fall into the "appearing under 18" category and the "indecent" test. It must be remembered that over-zealous "morality" police only need "reasonable suspicion" to justify an arrest whose aim is to permit the confiscation of mobiles and PCs for scrutiny.

        4. Anonymous Coward

          Re: Devious and Disgusting

          "As I understand it UK law says you're guilty if in the court's opinion the subject looks underage, even if you can prove that they are not."

          So, I presume, then, that if you photograph an underage person so she looks like she's over 18, then it's all fine and dandy, since it's the appearance that matters and not reality?

          No? But, but... :P

  5. Anonymous Coward
    IT Angle

    Ransomware and infected PC ..

    "This malware also differs from most ransomware in that it doesn't activate when the infected PC is booted up, but only after a user goes online for a while"

    Who is going to protect us from this UNIX ransomware malware ..

    1. Anomalous Cowturd

      Re: Ransomware and infected PC ..

      As the screenshot clearly shows Microsoft Internet Explorer browser, that well known piece of UNIX software...

      Back under your bridge!

  6. Old Handle

    An important detail is not clear...

    Does the malware actually show child porn, or is that "censored" version what it really looks like? There's a big difference and it wasn't made clear at all, as far as I could tell.

    1. KrabbyClaws

      Re: An important detail is not clear...

      "This is the first time we've seen images shown – that's very different. It's going for shock value."

      Sounds like it. I imagine they intend to prevent the computer illiterate from taking the computer to a shop or having a relative look at it. Depending on the country, just the act of getting infected with this may put you at risk of jail.

    2. Old Handle

      Re: An important detail is not clear...

      To answer my own question, this article by Sophos seems to confirm that they were the ones who censored it. That being the case I'm surprised more hasn't been made of how much trouble this could get the victim in if any traces of those images are left on the computer. They imply some doubt about the girls really being underage, so presumably these aren't the worst sort of pictures imaginable, but still.

  7. Khaptain Silver badge


    How do they manage to hide the financial transactions?

    If Credit Cards are involved then at least one Credit Card transaction provider is required (Ogone, Worldpay) etc. PLUS one of the banking intermediaries such as Sixpay PLUS the bank who is actually receiving the final monies.

    It's not possible to hide "these" kinds of transactions without a lot of people knowing....... So there appears to be more than just these bad guys being dishonest.

    (I just gave examples of the companies involved in CC transactions, there are probably a hundred more to choose from)

    1. Paul Crawford Silver badge

      Re: Traceability

      Probably by means of the other fools who sign up for the 419'ers "we have funds to be transferred from an African prince's account" bullshit emails.

    2. Charles 9 Silver badge

      Re: Traceability

      The usual way: wire transfers to mules. Wire transfers usually involve cash, so there's a break in the chain at the paying end. The mule breaks the chain at the receiving end.

  8. Winkypop Silver badge

    Catch the bastards

    Add some nasty kiddie pron charges to the mix!

    1. Charles 9 Silver badge

      Re: Catch the bastards

      And if it turns out the ransomware makers are in a country with hostilities to the West?

  9. Anonymous Coward

    This is why they make prisons

    They make prisons for scumbag digital criminals.

  10. Mick H

    I wonder

    How many users will report this nasty? With so many users' machines containing illegal mp3's, movies etc, would those users be so eager to report it? Or will they just trash the family laptop and buy a new one?

    Coat because I need to keep clean whilst diving into those bins. =)

  11. Charles 9 Silver badge

    I think I mentioned it the last time something close to this popped up. What if someone used child porn as ransomware and then compounded the threat by saying if they don't cooperate immediately, they'll relay as much personal information as it can mine to the authorities on the grounds of owning child porn, probably scatter other CP around the drive in ways hard to remove, and then make the user sweat. Now it's either pay up or go to jail (and likely worse). It may even remove itself after a while (but leave the hidden CP) so as to remove the "trojan defense".

  12. Anonymous Coward

    chuck the computer in a peat bog.

    hope your backups haven't preserved the nasty.

    the internet is just a fucking snake pit.

    1. Anonymous Coward

      Add to your to-do list

      * Learn to use capital letters

  13. Anonymous Coward

    "SICK KIDDIE SMUT" opposed to some other kind? :P

  14. Wpgwill

    In the US, at least in some states, intent isn't required in being prosecuted for child porn. Possession is sufficient. Nasty twist for residents of the US...

  15. Paul 129

    Interesting on the PC repair trade.

    If you're asked to remove this virus it could all fall on you. Hear of someone with this virus, refuse to work on their computer as it would require you committing an offense. Direct them somewhere else (Dodgy Competition) and then call the police on the competition. PROFIT!


Biting the hand that feeds IT © 1998–2019