The fraud uses a class of malware known as ransomware, which extorts payment from the computer user. The ransom is paid, for example, to unlock access to files the malware has encrypted or, in the case of the Kenzero Trojan, to prevent the public revelation of the victim's web browsing history and other personal data, including the fact that they paid to download "the porn game."
According to security specialists Symantec, the Infostealer.Kenzero Trojan poses a serious security threat and is most prevalent on Japanese websites.
"Infostealer.Kenzero is a Trojan horse that attempts to steal information from the compromised computer and sends it to a web site that can be publicly viewed," states a Symantec warning. "The malicious file typically arrives as an installation file for certain computer games."
When run, the Trojan grabs a screenshot of the user's desktop and uploads it to an FTP site, and then connects to websites that provide the user's IP address and host name info.
A form is then displayed that asks the user for various bits of "registration" information, including first and last name, company name, address and phone number, among other personally identifiable information. The Trojan adds to this by stealing the computer's name and clipboard contents, among other things, and uploads it all to a Japanese website.
Once the user submits this info, in order to "play the game," he or she receives an email containing a link to a web page that demands payment to keep this information private.
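Seen from the defender's side, the behaviours described above (screenshot capture, FTP upload, external IP lookup, clipboard theft, form upload) are individually common but unusual together in one process. The following is an added example, not code from the original article or from Symantec, that correlates them per process inside a time window; the event schema, action names, hosts and process names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviours the article attributes to the Trojan, as hypothetical telemetry action names.
STAGES = {"screen_capture", "ftp_upload", "ip_lookup", "clipboard_read", "http_form_upload"}

# Constructed sample events (timestamp, host, pid, image, action); not real Kenzero data.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:05", "pc-01", 4120, "game_setup.exe", "screen_capture"),
    ("2024-01-01T10:00:09", "pc-01", 4120, "game_setup.exe", "ftp_upload"),
    ("2024-01-01T10:00:12", "pc-01", 4120, "game_setup.exe", "ip_lookup"),
    ("2024-01-01T10:03:40", "pc-01", 4120, "game_setup.exe", "clipboard_read"),
    ("2024-01-01T10:03:42", "pc-01", 4120, "game_setup.exe", "http_form_upload"),
    # Benign look-alikes: a screenshot tool and an FTP client, one stage each.
    ("2024-01-01T10:01:00", "pc-02", 880, "snip.exe", "screen_capture"),
    ("2024-01-01T10:02:00", "pc-02", 912, "ftpclient.exe", "ftp_upload"),
    # Three stages spread over hours, so no single window contains them.
    ("2024-01-01T08:00:00", "pc-03", 300, "tool.exe", "screen_capture"),
    ("2024-01-01T11:00:00", "pc-03", 300, "tool.exe", "ftp_upload"),
    ("2024-01-01T14:00:00", "pc-03", 300, "tool.exe", "ip_lookup"),
]

def correlate(events, window=timedelta(minutes=10), min_stages=3):
    """Return (host, pid, image, stages) for each process that shows at least
    min_stages distinct behaviours inside one time window."""
    per_proc = defaultdict(list)
    for ts, host, pid, image, action in events:
        if action in STAGES:
            per_proc[(host, pid, image)].append((datetime.fromisoformat(ts), action))
    alerts = []
    for (host, pid, image), seen in sorted(per_proc.items()):
        seen.sort()
        # Slide the window start across the process's events.
        for i, (start, _) in enumerate(seen):
            stages = {a for t, a in seen[i:] if t - start <= window}
            if len(stages) >= min_stages:
                alerts.append((host, pid, image, sorted(stages)))
                break  # one alert per process is enough
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```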
With all of the challenges facing adult marketers today, one more issue that instills fear in the mind of the consumer is not something to take lightly, especially given that the attack occurs as part of an "adult entertainment purchase and download" and may not be easy to recover from.
"It actually can be pretty hard to get rid of as well and you're never really sure if it's really gone," ParetoLogic security analyst Jerome Segura said. "When we see something like that usually we advise [victims] to reinstall the operating system or reinstall backups."