11262024Tue
Last updateFri, 22 Nov 2024 1pm

Advertising

rectangle placeholder

‘Child porn’ internet extortion scheme hits Mexico

Those readers who believe “it doesn’t happen here” or “it can’t happen to me” really need to pay attention this week.  There is an internet-based extortion scheme cropping up all over the world that has now made its appearance here in Mexico.

A message appears on your computer monitor blocking all access to anything but the message and all your attempts to bypass this message will be unsuccessful.  The top of the screen shows the official seal of the Policia Federal Estados Unidos Mexicanos and the official seal of the Republic.  The message begins: “Usted ha visto o distribuido el contido prohibido pornografico (porno infantile/Zoofilia y etc), violando así el articulo 202 del Criminal code de los Estados Unidos Mexicanos.  El articulo 202 del Criminal Code prevé la privacion de la libertad de 4 a 12 años.”

For those who need a translation, the message says you are guilty of viewing or trafficking child pornography in violation of Article 202 of the Mexican penal code and you are now facing 4 to 12 years incarceration (the law is real).  The message on the screen shows the IP address of your computer, the name of your internet service provider, the name of your computer and then it delivers the coup de grâce.  If your computer has a webcam the malware activates it and displays on your monitor a picture of the guilty party (you) sitting in front of your computer!

The message continues to explain that so long as this is a first-time offense you can keep yourself out of jail by paying a fine of 2,000 pesos and then details how to make this payment using the online payment service Ukash.  (I need to point out here that www.ukash.com of the United Kingdom, is a legitimate online financial services company.)

The scam promises that if you the victim will hurry down to FarmaPronto, Extra, ScotiaBank or BBVA Bancomer to pay your 2,000-peso fine, then enter your 19-digit payment confirmation code in the box that your computer will be unlocked within 72 hours. (I should also mention that FarmaPronto, Extra, ScotiaBank and Bancomer are also legitimate institutions not willingly involved in this scam.)

Taking advantage of a user’s webcam to take a picture of the victim is an effective innovation by the crooks.  According to Interpol, when this scam appeared last year in Europe it is estimated that about 3 percent of the persons whose computers were infected paid the ransom to avoid what they thought was the threat of going to prison.  It is estimated this scam brought in €8,000 Euros per day to the bad guys.  Who says crime does not pay?

The name of this trojan program is Trojan:Win32/Urausy.C and it is one of a growing number of sophisticated malware programs that locks users out of their computer until the victim pays a ransom.  In addition to the Mexican Policía Federal the fake messages appear to come from the FBI (United States), Scotland Yard (UK), Office Central de Lutte contre la Criminalité (France), Gesellschaft zur Verfolgung von Urheberrechtsverletzungen e.V (Germany) or others depending on where you are located.  None of these real law enforcement organizations is involved in the scam.  There is some evidence that suggests the origin of this scam is Russia, but the bad guys have done a very good job of hiding their tracks so nobody knows for sure.

This trojan makes lasting changes to your computer that make it impossible for you to download, install, run, or update any antivirus protection software.  Microsoft rates this infection as “severe” and removing it from your computer requires technical expertise beyond the experience of most users, meaning you will need professional help.  Paying the “fine” is not necessarily a viable option because there is simply no guarantee the crooks will unlock your computer and return it to a usable state even if the ransom is paid.

Occasional Reporter contributor Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico.  The opinions expressed are his own. He may be contacted through his web site at SMAguru.com. 

No Comments Available