November 26, 2007
Porn scammers take over PCs
The moral of the story is: if you want to look at online porn, you're going to pay for it sooner or later.
Relax, the Zero Day blog has not become the bully pulpit of some smut-loathing voice of hellfire and brimstone.
Rather, it's just that the researchers over at McAfee's Avert Labs group have discovered a truly nasty little form of adware/malware/badware/ransomware that is aimed squarely at the XXX-loving masses.
And while porno sites have long been considered leading sources of malware for unsuspecting URL cruisers (try SiteAdvisor!), this new blend of Web-borne threat appears to be particularly unsavory and underhanded.
Why, you might ask? Because it's a social engineering scheme: it tricks people into signing up for an expensive subscription without clearly warning them first, and then, if they refuse to pay, hammers the PC with pop-ups until it is effectively unusable.
At least with the old form of ransomware the criminals didn't try to hide who they were. In fact, the idea that they had to communicate with their targets to get paid always made me feel that of all the badware baddies, at least those ransomware types had some form of guts. Of course, those "guts" probably also got a lot of them arrested.
Anyway, according to Seth Purdy, who blogs on the Avert site, a company identifying itself as Micro Bill Systems (whose adware-like programs have previously been rated as suspicious by other vendors, including Sophos) has begun running its scam through a site known as sexxxpassport.com.
The scam works this way: the site offers visitors a free three-day trial, but requires them to sign up with Micro Bill Systems to get access. Signing up means accepting an 11-page EULA, which the user is never actually required to read.
If users took the time to read the document, they might save themselves from the peril that awaits them. If they don't, the trial ends after three days and they are automatically enrolled in a 90-day subscription costing roughly $80.
If that weren't bad enough (you could, after all, simply refuse to pay), at that point the application begins serving pop-up ads demanding payment, and the longer the bill goes unpaid, the more frequently the pop-ups arrive.
In fact, as Purdy notes, Micro Bill Systems admits in its dense EULA language that it will pretty much shut down your computer if you refuse to pay for the, ahem, services.
Quote:
"If You choose to ignore the payment reminders and do not pay the Membership Fee, You hereby understand and acknowledge that the prompt reminders may become more frequent and that You may lose the ability to use Your computer until You have submitted payment. The payment reminders will be active while your computer is online or offline."
So while the researcher never labels the program as ransomware, clearly it is. MBS is essentially telling the poor suckers who signed up for its program that if they don't pay the hidden fees they were tricked into accepting through a long, legalese EULA, it will take down their whole machine.
Faced with an otherwise inoperable PC, you could imagine that some people might just give in (especially if they don't savor the notion of explaining to their spouse, or even worse their boss or IT admin, that they killed the PC with porno).
"The closest analogy I’ve come up with: You're offered a free trial of satellite radio for your car," writes Purdy. "Then, a week later, you go to leave for work one morning and find a boot on your car, immobilizing it until you pay up."
I guess the lesson to be learned is to read those EULAs really closely… or to stop looking at Internet porn.
As usual, you make the call.
Posted by Matt Hines on November 26, 2007 02:22 PM