PandaLabs has warned users of the existence of a malicious application called PornMagPass, which tries to blackmail users through the lure of free access to pornographic websites. This program installs adware to redirect users to the page of a supposed security program for cleaning infected computers.
PornMagPass is hosted on a web page offering all types of pornographic content in exchange for downloading an application onto the user’s computer. When it is run, the program installs a resident application providing direct access to adult content.
However, on accepting the program’s end user license agreement, the user is authorising the application to take a series of actions such as changing the browser homepage and installing adware and PC protection software. This clause permits the program to install spyware along with a supposed anti-spyware program called SpywareQuake. It then warns users that their computers are infected, offering to clean their system. In this way, the owners of SpywareQuake profit from every copy of the program sold, as do the makers of PornMagPass, who earn from every copy that reaches an infected system.
PandaLabs has also discovered that PornMagPass installs an add-on for Internet Explorer that redirects users to a false “page not found” error message. This informs the user that adware has blocked access to the requested web page, offering a supposed security solution to remedy the situation. The fake error page even simulates the security message displayed by Internet Explorer when it blocks malicious content on a web page.
There is nothing new about the methods used by PornMagPass. Other programs such as DigiPass, EmediaCodec or DigiKeyGen, for example, use the same technique to attract visitors and then install hidden programs that allow them to blackmail the victim with fictitious threats. Certain common features among them could point to the same spyware creator.