• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Malware   »   Trojan on the Loose: An In-Depth Analysis of Police Trojan

Trojan on the Loose: An In-Depth Analysis of Police Trojan

  • Posted on:April 4, 2012 at 2:47 am
  • Posted in:Malware
  • Author:
    David Sancho (Senior Threat Researcher)
4

In recent months European internet users have been plagued by so called Police Trojans that lock their computer completely until they pay a fine of 100 euros. Yes, a fine: it does its threats by posing as the police forces of the victim’s particular country and in the victim’s language. This bullying strategy seems to be paying off because there’s no shortage of infections in the European countries affected by this Trojan.

We’ve taken a deeper look into the inner workings of this Trojan as well as the network infrastructure that its owners are using to control and receive the payments. We found ties with different malware campaigns dating back to 2010, from Zeus and CARBERP to a fairly recent newcomer to the malware scene called the Gamarue worm.

The same people peddling this Trojan are also heavily involved in other malware and are very invested in this business. For instance, we have found that they were affiliates of the DNSChanger Trojan program called Nelicash that Rove Digital was sponsoring for a few years. The main persons behind Rove Digital were arrested on November 8 2011 after a two year investigation by the FBI, the NASA Office of the Inspector General and Estonian police in collaboration with Trend Micro and other industry partners. So we might have found an important clue who is behind the police Trojan.

These criminals are in it professionally and will continue to be because of how much money they are able to make. This is a perfect example of one such group that has found a way of extorting money out of unsuspecting Internet users. We have written an extensive report on the Trojan and the people behind which you can download to get the full picture of this criminal organization.

Click for larger view

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.