We have been analyzing and monitoring the so-called Police Trojan since it appeared a few months ago. This malware infects the victim’s machine by means of a web page and hijacks the machine so as to make it unusable until the owner pays a 100-euro fine. Yes, a fine: it threatens users by posing as the police forces of the victim’s particular country and in the victim’s language. This bullying strategy seems to be paying off because there’s no shortage of infections in the European countries affected by this Trojan.
We’ve taken a deeper look into the inner workings of this Trojan as well as the network infrastructure that its owners use to control it and receive the payments. We have also found ties with different malware campaigns, from ZeuS to a recent newcomer to the malware scene called Gamarue.
The same people peddling this Trojan are also heavily involved in other malware and are very invested in this business. For instance, we have found that they were affiliates of the DNSChanger Trojan that Rove Digital was sponsoring for a few years.
These criminals are carrying out these attacks professionally and will continue to do so because of how much money they are able to make. This is a perfect example of one such group that has found a way of extorting money out of unsuspecting Internet users. We have written an extensive report on the Trojan and the people behind it, which you can download to get the full picture of this criminal organization.