Microsoft flags malware that poses as police

Microsoft has warned people of a localised strain of malware that masquerades as a message from a country’s local law enforcement.

The ‘ransomware’ — malware that takes control of a user’s device and demands payment to unlock the computer — was detailed by Microsoft on Monday.

“What is remarkable in the cases of ransomware we’ve seen lately is the effort that the authors have put into creating different versions for every targeted country,” Microsoft wrote in a blog post on Monday. “We’ve so far seen variants localised into four languages: English, Spanish, German, and Dutch.”

The malware is delivered by drive-by downloads — websites that invisibly poison a user’s computer — and uses the Blackhole Exploit Kit.

People can avoid the malware by keeping their browser and browser plug-ins up to date and installing all relevant Microsoft security updates, the company said. The malware doesn’t seem to use any zero-day exploits, Microsoft said.

The malware imitates the police forces of the targeted country and, so far, poses as the UK’s Metropolitan Police; the Spanish Police; the Dutch Police; Switzerland’s Federal Department of Justice and Police; and Germany’s GEMA and the German Federal Police.

The concentration of the malware lines up quite neatly with its language localisation — 91.59 percent of the samples of a German piece of ransomware that Microsoft found were on German computers.

Microsoft has given the malware four names according to its language localisation: Trojan:Win32/Ransom.DU; Trojan:Win32/Ransom.FS; Trojan:Win32/Ransom.FL; and Trojan:Win32/Lockscreen.BO.

Article source: http://rss.feedsportal.com/c/32424/f/469424/s/1b1b0461/l/0L0Szdnet0O0Cblogs0Cmapping0Ebabel0E10A0A179670Cmicrosoft0Eflags0Emalware0Ethat0Eposes0Eas0Epolice0E10A0A250A460C0Ds0Icid0F938/story01.htm
