A Powerful Form of Coercion

In the past we’ve blogged about fake anti-spyware/anti-virus Trojans that claim the computer is infected or compromised in an attempt to coerce the user into purchasing a fake anti-spyware/anti-virus application. Here’s an example of a popup message displayed by Troj/FakeAle-BJ:

‘Windows Alert
Critical System Warning! Your system is probably infected with version of Spyware.IEMonster.b. Spyware.IEMonster.b is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal. It may also create special tracking files to log your activity and compromise your Internet privacy. Spyware.IEMonster then sends stolen passwords and other sensitive information to a php script at a pre-specified website where the stolen details are logged. Click here to protect your computer (recommended).’

(with the ‘Click here’ text linking to a website offering the “full version”).

These Trojans target a users fears and desires (as do almost all email and internet scams). Recently we’ve seen members of this family of Trojans targeting fears over identity theft (see: Fraudsters Target Fears Over Identity Theft), however Troj/FakeAle-BJ targets another fear.

Troj/FakeAle-BJ installs an icon on the Desktop with the filename “CP illegal content.URL” and an bitmap image containing the text ‘CHILD PORN VIDEO’.

icon3

At this stage most users will believe they’ve already clicked on something they shouldn’t have and may well have done. For users who share a computer, having pornographic icons plastered all over the Desktop is potentially very embarrassing, but when they contain the text ‘CHILD PORN’ the impact can be much greater. It’s not something most people would want to be associated with in any way, so they ‘Click here’ to go to and pay for a subscription to “XP antivirus”