“Victim” of Cybercrime Found Searching for Illegal Porn

Talk about irony. You get infected by a cybercriminal’s illegal bot (Ozdok/Mega-D in this case) which takes a screen shot that shows you searching for illegal underage porn; then, security researchers get hold of some screen shots from the bot’s command and control (C&C) server; while going through the shots, the researchers come across those of your screen and notify the authorities (presumably, the FBI).

From a Security Works research note, Ozdok: Watching the Watchers:

Also, a note to the gentleman searching for images of nude preteen girls: You can run all the anti-spyware tools you can find, and employ the best anonymity tools in your web browser - it’s not going to help you if you get infected with an advanced trojan like Ozdok/Mega-D or one of the many others that allow hackers to take screenshots of your computer desktop. Don’t worry though, you probably won’t need a computer in the near term, as we’ve notified the authorities of your name and location (which you conveniently provided in a series of screenshots).

The good news is that you can remove the pest. Here’s what Symantec recommends for their products:

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.

Complete removal instructions in this article.