Icepol Malware Infects Thousands in 3 Countries

Romanian security authorities have announced the appearance of new malicious software that first claims to be a law enforcement agency, then accuses those infected of “software piracy” and the downloading of “illegal porn”, according to an article published by the Sydney Morning Herald. The article indicates that the “Icepol” trojan sends accusatory messages to its victims before locking the victim’s computer, then demands “payment to unlock it.”

The report indicates that Icepol – which originated in Romania – infected approximately “267,000 computers in the US, Germany and Australia” and was directly responsible for approximately “148,000 scam transactions in just five months” and “was distributed in 25 languages.” According to the article, security experts determined that the attacking servers were “organised in a pyramid scheme where a number of affiliates were connected to a central (command and control) server responsible for delivering the malware.”

Catalin Cosoi, chief security strategist for security vendor Bitdefender, said, according to the article, that “the scam revealed a larger malware distribution system” and that “the criminal underworld has developed supply-chain networks that work much in the same way as more traditional criminal enterprises – even down to money-making referral and syndication schemes.” The article indicated that security authorities closed in on the “Romanian-based unit” as it communicated “with a central server in The Netherlands, before it was moved to Germany”.

A senior security analyst at the Australian Institute of Criminology, Raymond Choo, was also quoted in the article as saying, “[A big threat] to cyber-security is the asymmetrical nature of cyberspace that can be leveraged by smaller or less technologically advanced countries to launch [attacks] by buying or renting the services and skills of cybercriminals.” The article states that many security experts agree with the concept of a “‘darknet’ – the seamy online underbelly used to produce and swap everything from bomb recipes to child pornography” and say that this concept applies to “hacking communities” that allow “organised hacking groups to join, collaborate and disperse.”

Read more in the full article at the Sydney Morning Herald about this new malware and the current views from security experts regarding cyber crime, hacking and those organized groups who are involved in these types of attacks.
