The Police Virus continues spreading. This type of virus, a trojan specifically, usually exploits system or software vulnerabilities. Therefore, we would like to remind all our readers of the basic security measures to prevent future attacks, as published in the blog post How to disinfect the Police Virus.
- Avoid browsing unsafe pages
How? By using virtual browsers such as Panda Safe Browser. This type of browsing creates what is called a virtual environment, completely isolated from the system and the other applications on your PC, letting you browse the Internet securely. It is as if your Internet session took place outside your computer. This way, your system will be safe from possible Internet threats.
- Enable automatic updates for your operating system; in the case of Windows, this is Windows Update. If it is not active, you can use the Vulnerability detection analysis featured in any of the 2013 Panda products.
- Upgrade your programs as soon as possible
Do not rely on security programs alone for the security of your computer. Note that many of these viruses mutate easily and very quickly. Therefore, it is very important to close the gates, which are the security holes they exploit.
- Remove, if not required, applications such as Java applets and Flash animations. Otherwise, keep them updated at all times.
- We are sure you already know, but we don’t get tired of repeating it: Never open emails from unknown senders, as they may contain viruses.
Now, if you haven’t taken into account these security measures and you have already been infected, we recommend cleaning your computer with the free Panda RescueDisk tool.
And remember, if you have any problems with the disinfection, please Contact TechSupport. We know how to help you.
Published by Jose Manuel Bernal, 27/04/2012
This morning, after I started up the PC, I was confronted with the following full-screen window covering the entire desktop:
Without paying much attention to it, I instinctively pressed ESC and other key combinations like ALT+F4 to try and close it, but the message had locked the computer, rendering it effectively unusable.
The message pretends to come from Spain’s local authorities and claims illegal activity has been detected on my computer. More specifically, the message claims that forbidden websites containing pornography have been visited from my IP address and demands that a fine be paid to let me back in. The text, loosely translated, reads:
“Illegal activity has been detected on your computer. According to Spanish law your computer is locked. Forbidden websites containing pornography, child pornography, bestiality, etc. were visited from this IP address. This locking serves to stop your illegal activity.”
This is actually a new variant of the infamous Police Virus called Trj/Ransom.ab, which belongs to a malware category called ransomware. The aim of the people spreading this malware is to intimidate and blackmail users whose PCs are infected and persuade them to pay for having the malware removed. The scam is similar to that of rogueware or fake antivirus software, which we have covered in the post “The nightmare of fake antivirus continue. Protect yourself with Panda”, only this time the perpetrator tries to pass themselves off as a law enforcement agency instead of as an antivirus vendor. Well, here are the Instructions to remove the Police Virus Trj/Ransom.ab.
Finally, we’d like to remind you of these simple tips that will help you protect yourselves from this type of malware.
- Use your common sense. No governmental organization can block access to your computer. Under no circumstance pay the so-called ‘fine’.
- Install a good antivirus. Check out our recommendations in the following post: Protect your banking data with Panda Security’s new 2012 products. Protect your computer at all times and avoid nasty surprises.
- Keep your operating system up-to-date with the latest security patches.
- Never open an email from an unfamiliar sender. Beware of messages with eye-catching subject lines; they are more likely to carry a virus.
- Avoid surfing to non-secure Web pages. In some cases, it is enough to visit a compromised website to get infected without knowing it. If, however, you need to access a dubious website, do so from a malware-free environment like that offered by Panda SafeBrowser.