The ransomware Trojan known as the "Police Trojan" has been very popular lately. It gets its name because, after infection, the user's machine appears locked and shows a fake police web page stating that the user is suspected of certain crimes and that the machine will remain locked until a penalty of a certain amount of money is paid.
A similar version of the ransomware Trojan has now been found. It uses the same fraud technique, but this time it claims that the victim has infringed laws related to copyright and demands payment of the corresponding sanction.
Once the user's computer has been infected, the Trojan redirects the user's browsing to the malicious URL:
This malicious script checks the language settings configured in the user's browser in order to display a fake web page in the user's language, imitating the legitimate institutions of the user's country that are dedicated to protecting copyright and intellectual property.
For Spanish users, the Trojan redirects to the URL:
This displays the following screen, which pretends to come from SGAE (General Society of Authors and Editors), a Spanish society.
For France: hXXp://invalid-crew.com/payz/iframe_FR.php
The login screen for the ransomware Trojan's control panel has been located at the addresses:
This panel controls 5384 infected user machines, a high percentage of which belong to Latin American users.
From the control panel it is also possible to follow the download tasks for different malicious binaries on the zombie computers.
The following infection vectors for the Trojans are still active: