Porn virus Kenzero shakes down users for cash

Absurdist photo art depicting the dangers of browsing online. The user is depicted holding an open laptop computer up in front of their face, obscuring it from view. On the laptop screen is a menacing face, suggesting that there are dangerous forces online that can make life very difficult for Web surfers, such as those who encounter the Kenzero porn virus at the file sharing site Winni.

Surf smart when you're online. You don't want to have to deal with the Kenzero porn virus. (Photo: ThinkStock)

A malicious porn virus known as Kenzero is spreading online. If being held for ransom by a Japanese criminal gang because you downloaded illegal copies of hentai video games sounds like a good time to you, then you may have already visited the Winni file sharing site. Those who prefer a safer online experience, one in which malware and ransomware trojan viruses do not infect their PCs, should stay far away.You might end up needing payday loans to disinfect your hard drive and to pay off the Japanese gangster hackers threatening to publish your less-than-pristine Web history for all to see.

Kenzero demands a fee for its removal

The BBC reports that the popular Japanese file-sharing service Winni is used by as many as 200 million people, and the Kenzero porn virus (“porn” because it involves games in the hentai genre – NSFW –which is a sexually explicit form of anime) found there has infected as many as 5,500 computers so far. What Kenzero does, according to the Web security firm Trend Micro, is pretend to be an installation screen from an illegally downloaded hentai video game. During the so-called installation process, it asks the user for personal data, then takes screen grabs of that user’s Web history and publishes it online to the Web site of a shell company called Romancing Inc., with the user’s name attached. Then an E-mail or pop-up window shakes the user down for a credit card payment of 1,500 yen ($16) to “settle your violation of copyright law” and remove the guilty evidence from the Web.

Romancing, Inc., hentai and online yakuza equals no day at the beach

The shell company Romancing Inc. is registered to a fictitious name, Shoen Overns. According to Rik Ferguson of Trend Micro, it’s a name that’s popped up before. “We’ve seen the name before in association with the Zeus and Koobface trojans. It is an established criminal gang that is continuously involved in this sort of activity,” Ferguson told the BBC. He also indicated that variants of the Kenzero porn virus have affected European users, under the guise of ICPP copyright foundation. This strain isn’t tied directly to hentai games. It demands that users satisfy a “pre-trial settlement” of $400 via credit card and reminds the infected user that court costs and/or jail will be much more expensive if they refuse. Not surprisingly, all the Kenzero variants that actually capture credit card information then sell that info to third parties. That’s instant cash for people whose fingers you don’t want all over your credit.

What should you do if you’ve got Kenzero on your tail?

The general advice given by most experts is to ignore the threats and use a quality, free anti-malware scanner immediately to scan your computer and remove any offending files. Spybot Search & Destroy is just one example of free, quality anti-malware software. If you’re looking for online content, the safest and most honest way to obtain it is legally, by paying for it.

Related Video:

http://www.youtube.com/watch?v=ef9uEmVb5Yw

Other recent posts by bryanh