Japanese Ransom Trojan Horse
This BBC blog post recently mentioned a new threat targeting Japanese users, the "Kenzero" trojan, and we would like to clarify some information about it.
AVG detects all known variants as Trojan horse Generic17.ATLK and Trojan horse PSW.Generic7.AUUX.
This malware belongs to the locker or ransom trojan family. Its purpose is to compromise the infected computer and extort a ransom from its user.
It spreads among users of the P2P software WinNy. This software is popular with the Japanese Hentai collector community, and several language versions of WinNy exist. It is popular for sharing illegal content, mostly because WinNy provides its users with partial anonymity (how much depends on the WinNy version). WinNy has a total of 200M users around the world.
The trojan looks like the installer of a new Hentai game. Once executed, it starts an attended setup and takes screenshots of the user's desktop. In this situation WinNy is probably running on screen, so information about the sharing of illegal content and the user's download history may be captured. The mechanism is very simple: the screenshots are .BMP and .JPG images stored on the system drive in folders with generated names, with file names matching the folder name - for example a folder "5xnCX7e7UE5TQyNhJGHvY5nJMgvpii" containing the files "5xnCX7e7UE5TQyNhJGHvY5nJMgvpii.bmp" and "5xnCX7e7UE5TQyNhJGHvY5nJMgvpii.jpg".
These screenshots, together with user information collected by the fake game setup (first name, surname etc.), are uploaded over the internet to a server of the fictitious company "Romancing Inc.", where they are freely accessible.
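As an added example (not AVG's detection logic, and not code from the original post), the following scan looks for the on-disk artifact pattern described above: a folder with a random-looking generated name that contains a .bmp and a .jpg named after the folder itself. The folder-name regex is an assumption derived from the single sample name quoted in the post; the sample directory tree is constructed inline so the script runs offline.

```python
import os
import re
import tempfile

# Assumed shape of the generated folder names, based only on the one
# 30-character alphanumeric sample quoted above; tune for real triage.
GENERATED_NAME = re.compile(r"^[A-Za-z0-9]{20,40}$")


def find_screenshot_drops(root):
    """Walk `root` and return every folder whose name looks generated and
    which holds <foldername>.bmp and <foldername>.jpg (case-insensitive)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        name = os.path.basename(dirpath)
        if not GENERATED_NAME.match(name):
            continue
        files = {f.lower() for f in filenames}
        expected = {name.lower() + ".bmp", name.lower() + ".jpg"}
        if expected <= files:
            hits.append(dirpath)
    return sorted(hits)


def build_sample_tree():
    """Create a constructed sample tree (placeholder bytes, not real
    screenshots) with one drop folder and one benign folder."""
    root = tempfile.mkdtemp(prefix="kenzero_demo_")
    drop = "5xnCX7e7UE5TQyNhJGHvY5nJMgvpii"  # sample name from the post
    drop_path = os.path.join(root, drop)
    os.makedirs(drop_path)
    for ext in (".bmp", ".jpg"):
        with open(os.path.join(drop_path, drop + ext), "wb") as fh:
            fh.write(b"\x00")
    # Benign folder with a human-readable name; must not be flagged.
    benign = os.path.join(root, "Program Files", "SomeGame")
    os.makedirs(benign)
    with open(os.path.join(benign, "readme.txt"), "w") as fh:
        fh.write("ok")
    return root, drop_path


if __name__ == "__main__":
    sample_root, _ = build_sample_tree()
    for hit in find_screenshot_drops(sample_root):
        print("suspicious screenshot drop folder:", hit)
```

Point `find_screenshot_drops` at a real system drive root to triage a suspected infection; every hit is a candidate for review, not proof on its own.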
Consequently, the user is blackmailed with this so-called "evidence" of sharing illegal content and possessing Hentai pornography. This is even worse when company computers are used.
The blackmailed user is pushed into a "pretrial settlement" and has to pay a 1500 Yen (around 19 USD) "fine" to have the "evidence" deleted from the internet server.
This simple trick was surprisingly effective. And this approach is not the first or even a new threat in the P2P community of WinNy users: in September 2003, a strain of "Antinny" worms was spreading there as well.
Those "Antinny" worms had the same idea and similar success. Even government and law enforcement agency computers were infected. "Antinny" steals private user data and screenshots and puts them on the internet as well.
AVG detects "Antinny" worms variants as Worm/Antinny.
You can download AVG Anti-Virus from www.avg.com, or if you are a home user you can download AVG Anti-Virus Free at no charge.
Read more here: AVG | Top Threats
