The Social Impact of Malware Infections

I have a virusI just had a good experience today about the “social impact” of malware infections and I would like to share it with you. For most infosec people, it is part of the game to play the fireman for family and friends when they are in trouble with their computer. The term “computer” is used by them as a generic term and includes the hardware, the software, the Internet connectivity, mailboxes, etc. Today it was again my turn to be contacted by a friend who received a “strange message” on his screen. That’s also typical, people see always strange message and even to not try to read and understand them! My wife picked up the call and said that my friend looked very affected and asked to call back asap…

I quickly brought with me an emergency toolkit (a BackTrack on USB, some cables, USB sticks, a Windows DVD) and went to the front! Once arrived, my friend was very happy to see me and explained that while surfing on “some websites“, suddenly a message popped up! For me, it did not look like a regular malware infections: they usually try to install themselves and operate silently. My attention was focused on some words while he was describing the problem: “Police“, “They ask money“, “pornographic website“. Ok, it’s a ransomware! I booted the laptop offline to reproduce the malicious behaviour and saw this nice screen:

Ransomware Pop-UP
(Click to enlarge)

My friend and his wife were really very affected by this message and did not know how to react. They saw this as an intrusion in their private life. Worse, the displayed message referred to visits to child pornography websites! Of course, I was tempted to find the infection vector which was certainly a compromised (or malicious) website. But my goal was also to respect my friend’s privacy.  I decided to simply get rid of the malware. Quite easy with one. It’s a common one and just display a pop-up window. There is no file encryption. I just booted in Emergency mode and reverted to the latest valid restore point. Case closed!

Then I took some time to discuss with them and I realized how this story affected my friend (and his wife!). The infection happened Saturday evening. He did not sleep, he did not eat at all! He had 24 hours to pay 100 EUR and he spent the night with the following questions in mind:

  • To pay or not to pay?
  • Do I talk about this problem with my wife?
  • But I never visited child pornography websites, how did they find this?
  • Will the police catch me? Come to my house, seize my computer?
  • How to report that I’m not a criminal?

Hopefully, he had the good reaction and called me “because I’m working with computers” (like mentioned in the introduction). But not all people know other IT people and could benefit of free support. How will those people address the same kind of issue? His wife also had lot of questions:

  • Does my husband really visit child pornography websites?
  • Can I trust him again?
  • Will the police catch him?

Those friends are in couple for years and have a very stable life. Can you imagine the same story in a couple who has already social or financial problems? Or who want to divorce? This could completely change the rules of the game. This story really proves that bad guys are playing with the human behaviour to catch victims!

It’s a pity that I did not found the website which delivered the malware to make a deeper analyzis but, once again, it’s my friend’s privacy! Let’s put the social aspect aside now, why he was infected? Hélas, I should say nothing new, regular mistakes:

  • Using the computer with administrator rights
  • Outdated AV
  • No backup

It’s amazing (in the right sense of the term) to see how such malwares use the human weaknesses and feelings (stress, shame, ignorance, …) to successfully perform their goal! Anyway, the case is closed for my friend. I’ll just need to continue the awareness trainings from time to time! 😉

6 comments

  1. Hi guys,
    I heard about this one ca. a week before it apeared on my teachers pc in school(please don’t judge me) he was afraid he’d lose his job, it’s a common piece of malware and it seems to do what it’s intended to.

  2. Hi Xavier,

    Your post is very interesting. It pushed me to ask myself the question on how would my family react in similar circonstances.
    To me, the main point that left your friend sleepless is that he has been accused of consuming child pornography. Today, being accused of child abuse is a very powerful weapon, because even if you are confronted and proven innocent, your life may be ruined.
    Consider even that on internet, you do not have a 100% control on the data you receive. When browsing a regular (or pr0n) website, how can you be sure that you won’t receive a naked picture of an underage child ? If you call for help, what are the odds that the police will find such material on your computer ? Are you willing to risk it ? Are you willing to let police take all you stuff, inspect all your computers, hard drives in search of evidence ?
    This malware exploits a very nasty blackmail loophole we have in our current society, in which an accusation (even false) is enough to ruin your reputation.

    Unfortunately I don’t think the solution to this problem could be technical. If I received such a blackmail accusation in my snail mail box, I would be as concerned as your friend until I’d find an explanation and evidence that there is no threat for me.

    Aris

  3. Hi, amazing story!
    Thanks for sharing this. Working also in the infosec industry , I
    know a lot of cases where people made the mistakes mentioned by you and got a virus and etc etc.., but this is the first case where I see a malware having a social impact on its targets.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.