…were the first words that came to mind upon learning of the billing method that the adult Web site www.sexxxpassport.com and Micro Bill Systems (MBS), a payment and debt management service provider, use to bill their subscribers. To say the least, this is social engineering on a completely new playing field.
TrendLabs has received a sample of the file named MBSAUTHENTICATE_39.EXE-1, which is served from the said adult site’s default page, and detects it as TROJ_AGENT.PYC. Users visiting the site are required to download and install this file on their systems to get the free 3-day site access. The default page also links to the site’s Terms & Conditions, though users are not required to view that page before proceeding with the download. Users will most likely skip it (an outcome the site owners may well have anticipated), only to find out that they have fallen prey to extortion.
Users may be apt to complain, but the site owners and MBS have stated plainly, however alarming it is, the methods they would use, possibly to shift the blame back onto the unknowing users themselves. On closer study of the site’s terms and conditions, Section 12.5 stands out:
12.5 If You choose to ignore the payment reminders and do not pay the Membership Fee, You hereby understand and acknowledge that the prompt reminders may become more frequent and that You may lose the ability to use Your computer until You have submitted payment. The payment reminders will be active while your computer is online or offline.
Inadvertently ‘affirming’ this term allowed the site owners to disable the user’s system by triggering repeated pop-up billing reminders that can obscure everything on the user’s desktop (open windows, running applications, icons, etc.), making the system virtually unusable, even if only for a short time.
Trend Micro advises users to refrain from downloading and executing files from sites that may seem legitimate.