Users of the Japanese file-sharing service Winny are grappling with a new threat today. Trend Micro is tracking a trojan called Kenzero that steals a user's web history and posts it online until such time as the user pays up. The virus is masquerading as illegal copies of explicit Hentai games, assuring the affected individuals likely have at least some embarrassing items in their browser history.
The virus appears to be a game installation screen that requests the personal details of the user. It then posts the web history along with the personally identifiable information. Users are confronted with an email or popup demanding 1500 yen (about $16) to "settle your violation of copyright law" and remove the stolen information from the website.
The website the history is published on is owned by a shell company known to be associated with other malware scams. Security experts warn that paying the ransom is unlikely to result in the removal of the information. It's more probable that the malware makers will just sell the card number. Over 5500 users have admitted to being infected. Might be a good time to update your antivirus, in case Kenzero variants spread.
In a one-two data-theft punch, several hundred thousand jobseekers using Monster.com have had their personal information stolen from the website last week. Here's how it happened and how to avoid being scammed.[updated 8-25-07]