Monday, September 23, 2013

A few security companies report grave variation of ransomware trojan that actually puts "illegal content" on users' computers, possibly legally compromising them

Webroot is advising users that there is now a ransomware Trojan that not only demands payment for a supposed child pornography infection, but actually moves the illegal content to your computer and displays it.  A YouTube video in a “VlogThreat” blog entry at Webroot’s site by Marcus Moreno and Richard Melick explains how the “shakedown” works here.

The link for the Webroot entry is here.
There are a few other stories on the web about this. For example, Avira has a report dated May 2013 here.
A company called Hitman Security has another report from May 2013, here.  The Trojan, called a “BKA Trojan,” apparently was widely reported in Germany. 
I have not seen a lot of discussion of this problem yet among other major anti-virus vendors.  
Generally, these sites are saying that the problem is difficult to fix at home with a virus scanner, even in safe mode, and requires a technician to fix.  But there seems to be a Catch-22 in this.  In many states, technicians are required to report CP-infected computers, and most stores (like Best Buy Geek Squad) report them as policy.  Most states (like the U.S. at a federal level) have laws that make it a crime to “knowingly” possess or view an illegal image, so a first-time, accidental view would not itself be a crime.  But a few years ago, some journalists were writing that possession in some states could be an “absolute liability” offense, suggesting that someone whose computer got infected was, in a legal sense, an accomplice, at least through negligence.   I don’t know if that’s true now.  
I see that I posed this question with a July 23 posting on this blog, and noted that Florida law apparently requires consumers to contact police themselves if this happens and then seems to give them an affirmative defense.   Florida’s link is there.  But conceivably, a consumer could be required to destroy the computer in some states.  Possibly even his own cloud accounts and social media could be destroyed out of a legal requirement for caution, as well as his own work. This needs more legal attention, and unfortunately, some politicians, in the guise of protecting children, may not be sympathetic to consumers caught in the middle. 
The FBI does not seem to have specific information on this problem yet.  The best that I could find is here.

This issue does need immediate attention from state attorneys general.  Unfortunately, their behavior on the Section 230 issue doesn’t bode well.  
