Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘lockscreen’
November 21st, 2013

Ransomware shocks its victims by displaying child pornography pictures

In our blog, we wrote several times about various types of Ransomware, most recently about CryptoLocker. In most cases, ransomware has pretended to be a program installed into a victim’s computer by the police. Because of some alleged suspicious activities found on the user’s computer, ransomware blocks the user from using the computer and demands a ransom to unlock the machine or files.

Different ransomware families have different graphics and skins, usually showing intimidating images of handcuffs, logos of various government and law enforcement organizations, policemen performing inspections, government officials, etc… You can read some of our previous analyses on our blog – Reveton, Lyposit, Urausy – are the most prolific examples of such ransomware.

In this blog post, we will look at the functionally of the same type of ransomware, but one which displays more annoying and disturbing photos. After showing the message saying, “Your computer has been suspended on the grounds of viewing illegal content,” accompanied with the current IP address, name of internet service provider (ISP) and the geographical location, it displays several pictures of child pornography!
01_censored Read more…

Comments off
January 29th, 2012

Unexpected Czech footprint

I’ve already seen many strange things inside malware packers, but there’s always something surprising. The latest time, it was during the analysis of packer used to wrap Zbot, LockScreen and similar binaries (detected under various MalOb-* [Cryp] names). There’s a block of allocated memory with a long list of names. But these names are not used for anything related to malware execution, they’re not visible to the user (unless you emulate/trace the sample), they have no special purpose. But why they are there? And where’s the Czech footprint?

Read more…