
Malware helps trap paedophile

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 30 Jul 2013

For once, malware is the hero of the story. A piece of ransomware tricked a paedophile into turning himself in to the authorities.

Ransomware, also known as cryptoviral extortion or scareware, is a class of malware that limits access to the PC it infects and demands a ransom in order to restore full functionality to the machine. Some strains of ransomware encrypt files on a system's hard drive, while others lock the system and display a pop-up message that threatens the user with consequences should they fail to cough up.

Not the brightest spark

Tech2 reported that James Riley, a 21-year-old from Virginia in the US, was surfing the Web when a pop-up appeared and told him that child porn had been found on his machine, and that failing to pay a fine would result in access to his computer remaining blocked.

Riley, who didn't want to take the chance that he was paying for nothing, took his machine to the Garfield District police station to ask if there were any warrants against him in a child pornography case.

This caused the Special Victims Bureau to start an investigation, during which they uncovered three pieces of inappropriate material of underage girls on his computer.

According to the Daily Monitor, one of the girls was identified as a 13-year-old from Minnesota. Following her identification, a search warrant was issued, and Riley's PCs and other electronic equipment were seized. An arrest followed and Riley was charged with "three counts of possession of child pornography, one count of using a communication device to solicit certain offenses involving children, and one count of indecent liberties with a minor". He is being held without a bond.

There have been instances where ransomware has planted pornographic images on an unsuspecting user's machine to frighten them into paying the ransom, and The Verge says Riley may be guilty of nothing more than a "mortifying lack of tech-savvy".

'Good' malware?

While Riley's case may have been a case of malware helping by accident rather than design, there have been cases of malware that appeared to be created with good intentions.

In 2003, the Welchia worm, or Nachi worm, was designed to exploit a vulnerability in the Microsoft Remote Procedure Call in much the same way as the Blaster worm that spread on computers running MS Windows XP and Windows 2000. Unlike Blaster, however, it tried to download and install patches from Microsoft.

However, security researchers said despite its pretence of friendliness, Welchia created enormous hassles for IT administrators already struggling to clean Blaster.

Internet News reported at the time that Welchia was "even more problematic because of the propagation technique it uses". It added that the worm was "capable of crippling a large corporate network".

In another case in 2006, Sophos Labs uncovered a Trojan, called Erazer, that "seeks out and wipes movies and MP3 music tracks that it believed infected computers are illegally distributing via file-sharing networks".

Erazer scoured folders used for peer-to-peer file-sharing for AVI, MP3, MPEG, WMV, GIF, ZIP and other files and, when it found them, wiped them and planted itself in their place, using names aimed at tempting the user into opening the files, such as game.exe, goporn.exe, nero7.exe and officexpcrack.exe.

Described by Sophos as a "vigilante worthy of a Charles Bronson movie", Erazer might have been aimed at throwing a spanner in the works of illegal file-sharing. However, Sophos was quick to point out that the Trojan could "aim poorly and wipe out innocent files too".
