Porn fans free again after police ransomware disrupted

The Koler ransomware campaign that targets mobile visitors to porn sites has been disrupted, according to security firm Kaspersky.

The malware threatened victims running Android with a message purporting to be from local police, demanding between $100 and $300 to unlock the device, even though no files were encrypted by the virus.

Vicente Diaz, principal security researcher at Kaspersky, described the campaign as "well organised and dangerous".

"Dozens of automatically generated websites redirect traffic to a central hub using a traffic distribution system where users are redirected again," he added.

"The attackers can quickly create similar infrastructure thanks to full automation, changing the payload or targeting different users."

The campaign relies on apprehension among victims about being caught watching porn, with the infectious app tellingly named "animalporn.apk".

Koler’s command and control (C&C) server was reconfigured to send uninstall instructions to victims, causing the malware to be deleted, according to the firm.

180,000 people are thought to have been exposed to the campaign, with 80% based in the US and much of the remainder in Australia, the UK and Canada.

Kaspersky believe that the group responsible for the campaign are also behind Reveton, which follows a very similar form to Koler, and expects similar campaigns to be "the norm" in the future.