Wednesday, June 18, 2014

Browser Locked Scam


Bad news everyone.
I've been busted for viewing child porn. :(
Or bestiality porn.
Or rape porn.
Or downloading copyrighted material.
Or bulk-spamming.
Or another terrible internet crime of some kind. The FBI isn't quite sure what crime I've committed, and neither am I, but fortunately if I wire $300 within 24 hours, my legal problems might go away (for now).



The other day I was carelessly poking around the web trying to dig up more info on MoneyPak scams, using Bing. I clicked an image link and suddenly found myself being bounced from the first website straight into a fake FBI honeypot. I'm disappointed my Firefox settings didn't block the auto-redirect, but as Mozilla devs know, nothing is foolproof. I'm also disappointed in Bing image search user vulnerabilities but I don't have the time to explain.

I tried to close the tab and browser, but a "NoClose" javascript had locked my browser. Naturally I forced Firefox closed via Windows task manager (Ctrl+Alt+Del) but since I'd already been busted, I returned to the site after enabling NoScript.

The above partial screen cap shows what appears to be 2 FBI agents shocked by what they're seeing on their screen, which I guess is the kiddy porn vids or photos of dogs and donkeys mounting Sao Paulo favela hookers I supposedly downloaded.

Below the header, my IP # was boldly displayed in green, so I know they know who I am. I've replaced the IP# with one of Google's IPs for privacy purposes, but you get the idea. Below that is a code of some kind, which I guess I'm supposed to use in the payment process. I've altered that # too, in case it can also be used to identify me somehow.

And off to the right we see a MoneyPak payment form, where I can quickly & conveniently fork over 300 bucks to get those pesky feds off my back, and unlock my browser or PC, and continue on my merry way, breaking porn laws and such. Also a countdown clock was displayed, to remind me there's now less than 24 hours to pay up before Jack Bauer kicks in my door.


The fake FBI honeypot URL is: security-scan-yygdodq.in
Registrant ID: WIQ_37057830
Registrant Name: Charli Burnell
Registrant Street1: 52 Hay Point Road
Registrant City: Mackay West
Registrant State/Province: QLD
Registrant Postal Code: 4740
Registrant Country: AU
Registrant Phone: +61.749999938
Email: cook@security-scan-yygtdodq.in

I wasn't able to determine the domain IP by pinging their server, but it appears the IP location resolves to Germany - Bayern - Nuremberg.
Name Server: NS1.SECURITY-SCAN-YYGTDODQ.IN
Name Server: NS2.SECURITY-SCAN-YYGTDODQ.IN

Another domain these scumbags operate is: fernecarolina.in
which is (or was) an illegal pharmacy site, which I'm guessing they also used to blackmail site visitors.

Thus far it doesn't look like my system was infected with scareware or ransomware (the "FBI MoneyPak virus" and the like). This failed attack is probably nothing more than a cheaply scripted phishing site. But if you're periodically or constantly being redirected to web pages like this, or you get similar popups on your screen, your computer is infected. Time to run multiple AV scans and head to the malware removal forums for advice.

Again, Windows users should know how to open Task Manager and force their browser closed to escape such attacks: Ctrl+Alt+Del > Start Task Manager > Apps or Processes tab > one left click on the Firefox exe (or IE, Chrome, whatever browser you use) to highlight it > then hit the End Task button. You can also right click on it and choose End Task from the context menu. The same basic principle works on the Processes tab. ALSO beware that when you restart your browser it may stupidly auto-reload the same attack page you just narrowly escaped. Another complicated, annoying browser issue I don't have time to get into.

The main thing is to stay cool on your stool... DO NOT PANIC and start wildly clicking around your screen... focus on how to close your browser calmly and manually, and you're out of the trap.

This highly official looking badge was also displayed on the site. That @ symbol scared the crap out of me! Oh noes, the frickin @ squad again! "Consequences will never be the same"....
 ___________________________________________________
Here's the full page text for educational or amusement purposes:

ATTENTION!
Your browser has been blocked up for safety reasons listed below.
All the actions performed on this PC are fixed.
All your files are encrypted.
CONDUCTED AUDIO AND VIDEO.

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law. Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of "Copyright and Related rights Law" (downloading of pirated music, video, warez) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law. Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.

Unauthorized access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected – until the investigation is held – of innocent infringement of Article 215 of United States of America criminal law ("Law on negligent and reckless disregard of computers and computer aids"). Article 215 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to 100.000$ fine.

Further, after information of your personal computer was examined, it was found out that your personal computer had been regularly used for bulk-spamming, either arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently, you are suspected – until the investigation is held – of innocent infringement of Article 301 of United States of America criminal law ("On bulk-spamming and malware (virus) dissemination"). Article 301 of United States of America criminal law provides for the punishment of deprivation of liberty for term up to 5 years, and up to 250.000$ fine.

Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as of commission of crimes per above Articles. Criminal case can be submitted to court.

However, pursuant to Amendments to the United States of America criminal law dated January 02, 2014, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incidents before) and no arraignment will follow. However, it is a matter of whether you have paid the fine to the Treasury (to the effect of initiatives aimed at protection of cyberspace).

The penalty set must be paid in course of 24 hours as of the breach. On expiration of the term, 24 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you. Amount of fine is 300$. You can settle the fine with MoneyPak vouchers.

As soon as the money arrives to the Treasury account, your browser will be unblocked and all information will be decrypted in course of 24 hours.

Then in 7 day term you should remedy the breaches associated with your computer. Otherwise, your computer will be blocked up and criminal case will be opened against youself (with no option to pay fine).

Please mind, that you should enter only verified passs of vouchers and abstain from caching out of vouchers once used for fine payment. If erroneous passs were entered, or if attempt was made to cancel vouchers after transaction, then, apart from above breaches, you will be charged with fraud (Article 377 of United States of America criminal law; 1 to 3 years of imprisonment) and criminal case will be opened.

2 comments:

  1. They have new URLs now (sigh). All that I've found were security-scan-xxxx.in (where the xxxx is a 4 digit number). Best as I can tell, I hit the most recent one via a random 3rd party ad on an image hosting site. I couldn't back-track the actual link in the Chrome history as it's not as complete as Firefox is. Chrome won't show the intermediate redirects.
    For certain, block the following addresses (Whack-A-Mole):
    81-stopadware2014.in
    security-scan-7876.in
    security-scan-8814.in
    They'll undoubtedly spawn new domains as time goes on.

    1. Probably the most important issue here is that people understand using any image search engine... Bing, Yahoo, Google, etc, places them at risk. Click a pic of a cuddly kitten and... BANG!!!! BUSTED!! They got you bro.

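The post names fernecarolina.in and the security-scan-yygtdodq.in domain, and the comment above lists further security-scan-xxxx.in domains and advises blocking them as they appear. The following is an added example, not code from the blog or its commenters: it scans constructed DNS query log lines for names in that family, both by exact match against the domains named on this page and by a pattern that covers the naming scheme (assuming the operator keeps spawning security-scan-<letters or digits>.in domains), and emits hosts-file sinkhole entries for whatever it finds. The log format and all client addresses are invented for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Domains named in the post and its comments. Not a complete list: the
# commenter notes that new security-scan-xxxx.in domains keep appearing.
KNOWN_BAD_DOMAINS = {
    "security-scan-yygtdodq.in",
    "fernecarolina.in",
    "81-stopadware2014.in",
    "security-scan-7876.in",
    "security-scan-8814.in",
}

# Assumption: the operator keeps the security-scan-<suffix>.in naming scheme,
# where the suffix has been letters (yygtdodq) or a 4-digit number so far.
BAD_DOMAIN_PATTERNS = [
    re.compile(r"^security-scan-[a-z0-9]+\.in$"),
]

# Constructed log format: "<date> <time> <client-ip> query[<type>] <qname>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<client>\d+\.\d+\.\d+\.\d+) "
    r"query\[(?P<rtype>\w+)\] (?P<qname>\S+)$"
)


@dataclass
class Hit:
    timestamp: str
    client: str
    qname: str
    reason: str


def classify_domain(qname: str) -> Optional[str]:
    """Return why a queried name counts as a browser-locker domain, or None.

    The name and each of its parent domains are checked, so a lookup of
    www.security-scan-7876.in is caught via security-scan-7876.in. The bare
    TLD is never tested on its own.
    """
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in KNOWN_BAD_DOMAINS:
            return f"listed:{candidate}"
        for pattern in BAD_DOMAIN_PATTERNS:
            if pattern.match(candidate):
                return f"pattern:{pattern.pattern}"
    return None


def scan_dns_log(lines) -> List[Hit]:
    """Parse log lines and return one Hit per query for a bad domain."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line.strip())
        if not match:
            continue  # unparseable line, skip rather than guess
        reason = classify_domain(match["qname"])
        if reason:
            hits.append(Hit(match["ts"], match["client"], match["qname"], reason))
    return hits


def hosts_file_entries(hits: List[Hit]) -> List[str]:
    """Sinkhole lines for a hosts file, one per distinct queried name, sorted."""
    domains = sorted({h.qname.rstrip(".").lower() for h in hits})
    return [f"0.0.0.0 {d}" for d in domains]


# Constructed sample log: two clients, one of which hit a redirect chain.
SAMPLE_LOG = """\
2014-06-18 14:02:11 192.168.1.20 query[A] images.example-hosting.test
2014-06-18 14:02:12 192.168.1.20 query[A] security-scan-7876.in
2014-06-18 14:02:12 192.168.1.20 query[A] www.security-scan-0193.in
2014-06-18 14:05:40 192.168.1.31 query[A] fernecarolina.in
2014-06-18 14:06:02 192.168.1.31 query[AAAA] security-scan.example.test
2014-06-18 14:07:15 192.168.1.20 query[A] 81-stopadware2014.in.
""".splitlines()


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for hit in found:
        print(f"{hit.timestamp} {hit.client} -> {hit.qname} ({hit.reason})")
    print("\n".join(hosts_file_entries(found)))
```

On the sample log this flags four queries: the two listed domains, the trailing-dot form of 81-stopadware2014.in, and www.security-scan-0193.in, which is not on any list but matches the naming pattern; security-scan.example.test is left alone because the pattern is anchored to the registrable domain. The client address on each hit is the machine worth checking for the infection the post describes.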

Thank you for your helpful comments! Comments moderated due to spam and angry scammers. Please be patient. Copy your comments before clicking publish so you don't lose them to errors. If your comments won't publish, try a different browser. *NOTE: For your protection and privacy I advise readers to comment anonymously. Bookmark this page then log out of all Google accounts & close all Google site tabs or windows, including Youtube. Then return to this blog and post your comment anonymously.