Trend Micro TrendLabs Malware Blog

    The Police Trojan has been targeting European users for about a year. It should come as no surprise that the latest incarnations of this obnoxious malware have started targeting the United States and Canada.

    In the latest batch of C&C servers we have analyzed, not only has the list of countries increased, but the targets are now more specific. For instance, UKash vouchers are not available in the U.S., so the U.S. fake police notification, which spoofs the Computer Crime & Intellectual Property Section of the U.S. Department of Justice, only mentions PaySafeCard as the accepted payment method. The criminals also took the time to add plenty of logos of local supermarkets and chain stores where the cash vouchers are available.

    Beyond the facade of this criminal attack, we know there is a Russian-speaking gang that, as we theorized in our last paper, had a link to the new Gamarue worm making the rounds in recent months. We can now add another compelling link: the fake police domain announced by the Trojan has the same registrar as the confirmed Gamarue worm C&C server. The first time a researcher sees such a link, it might just be pure coincidence. The second and third times, the link starts to solidify.

    What is becoming crystal clear is that the same Eastern European criminal gangs who were behind the fake antivirus boom are now turning to the Police Trojan strategy. We believe this is a malware landscape change and not a single gang attacking in a novel way. We also found C&C consoles that suggest a high level of development and possible reselling of the server back-end software used to manage these attacks. Police Trojan attacks are here to stay – until they are done milking this cow and have to look for a fatter one, that is.

    You can read our full report on the Police Trojan in the Security and Intelligence section of the Trend Micro website.


    • Corks Opinion Page

      My friend got hit with this only yesterday. I was lucky enough to actually delete it for her; after 3 hours of headaches I finally beat it. Was the toughest Trojan I ever had to destroy :-/ Hope all ye can sort it. I’ll post the link to deleting it shortly.

    • Chris in AK.

      I got hit with this today. I received an e-mail from a person I have not heard from in years and it had 2 hot links on it. My “trend” stopped me from opening the links but I seem to have gotten it anyway. I had to unplug from the internet and restore my PC to an earlier time in order to get it working again, and “trend” can’t seem to find it. I hope it’s not lurking around in my PC doing other things.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice