Increasingly innovative computer scripts are being created that automate entire criminal processes—processes that, in the past, used to require human intervention.  Don’t like your boss?  Threaten to tell his wife about the affair with his secretary unless he pays you to keep quiet.  The problem was that your boss knew it was you who was blackmailing him, opening the blackmailer to potential negative consequences.  Now, however, thanks to the miracle of technology, no need for a human being to become involved in such a dirty and murky affairs.  The entire process can be scripted and automated.

Not only can you extort your boss via a scripted attack, but as the entire process is automated, you can blackmail other people’s bosses halfway around the world as well.  Crime automation allows transnational organized crime groups to gain the same efficiencies and cost savings that multinational corporations obtained by leveraging technology to carry out core business functions.

As revenue generation via crime commission is the core competency of any organized crime group, automating the process can yield impressive returns.  Of course for those victimized by these newly realized efficiencies, the process is less a cause for celebration than it is for concern.

In the case below, a clever Trojan writer has used the popularity of a particular Anime game in Japan to extort small sums of money from victims by publishing their web surfing history online for inspection by the general public.  The game in question was of the “Hentai” (変態 or へんたい) genre—a type of Anime that often shows violent pornographic images depicting young girls in a variety of sexual circumstances.

The trojan would publish the name of the individuals who were downloading the images, as well as screen captures of what the individuals had been viewing.   Naturally, many would not want their web history exposed in this manner and as such the criminals are able to demand money to take down the user’s identifying information.  A clever little trick and yet another step forward in the march towards fully automated criminality in the 21st century.

Porn Virus Blackmails Its Victims

A new type of malware infects PCs using file-share sites and publishes the user’s net history on a public website before demanding a fee for its removal.

by BBC News

April 15, 2010

One of Kenzero's victims is reported to be a school headmaster in Japan.

The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people.

It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime.

Website Yomiuri claims that 5500 people have so far admitted to being infected.

The virus, known as Kenzero, is being monitored by web security firm Trend Micro in Japan.

Masquerading as a game installation screen, it requests the PC owner’s personal details.

It then takes screengrabs of the user’s web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to “settle your violation of copyright law” and remove the webpage.

Held to ransom

The website that the history is published on is owned by a shell company called Romancing Inc. It is registered to a fictitious individual called Shoen Overns.

“We’ve seen the name before in association with the Zeus and Koobface trojans. It is an established criminal gang that is continuously involved in this sort of activity,” said Rik Ferguson, senior security advisor at Trend Micro.

Kenzero is a twist on ransomware, he added, which infects a computer and encrypts the documents, pictures and music stored on it, before demanding a fee for a decryption key.

“Interestingly we’ve seen a separate incident that focuses on European victims,” he said.

A fictitious organization calling itself the ICPP copyright foundation issues threatening pop-ups and letters after a virus searches the computer hard drive for illegal content – regardless of whether it actually finds anything.

It offers a “pretrial settlement” fine of $400 (£258) payable by credit card, and warns of costly court cases and even jail sentences if the victim ignores the notice.

However rather than take the money, the outfit sells on the credit card details, said Mr Ferguson.

“If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware,” was his advice.

“And if there’s online content that you want to get hold of, get it from a reputable website – if that means paying that’s what you have to do.”