A cunning virus which masquerades as the installer to various pirated releases of popular software, especially adult games, was in fact part of a wider scheme to blackmail the pirates it caught into making payments if they wanted to have incriminating personal details removed from the web.
The virus itself has been spread on Japan’s top P2P networks Winny and Share, where it is disguised as a game installer and packaged in fake pirate releases of popular eroge (or in other popular targets of pirate interest).
The installer first asks for personal details as part of the installation process, which it sends to a remote site, after which it takes a screenshot of the user’s desktop and collects details such as file access and browser history, and sends all of this to the same site.
However, its mischief does not end there – once the details were public, the user was presented with the sight of their details spread about on the web, and a form with which to request the details be taken down.
If the user was stupid enough to provide further contact details, the company would then send a threatening email demanding a small “settlement fee” to clear up the issue of their copyright infringement (none of which was anything more than an opportunistic scam, of course).
The sites involved in this particular iteration of the scam have since been shut down, but not before some 5,500 people are thought to have been infected. Just how many went along with the blackmail and paid to save their name, and whether the blackmailers actually removed their details as a result, is not known.
The whole process has come to be known as the “Romancing swindle,” based on the name of a company supposedly involved, Romancing Corporation.
The story has even been picked up by the BBC, though at the time of writing their version is pathetically riddled with inaccuracies – “Winni,” it is said, is used by “up to 200 million people” (larger than the entire population of Japan), and the virus “targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime.”
The most famous victim of this particular iteration of the virus was the head teacher of a middle school caught pirating software and downloading what is thought to be child pornography.
Despite the scandal, he appears to have kept his job, even though it is rather obvious his interest in his students may take a decidedly extramural turn.
Another case was the admin of the “PC Game Clinic,” a 10-year-old eroge review site carrying some 700 carefully prepared reviews, with the admin purportedly an eroge collector and connoisseur.
The admin/writer (or “doctor”) was exposed by the virus to be nothing more than a common pirate, and when confronted first claimed “a friend borrowed my notebook and installed it” – however, the screenshots showed more storage than any notebook could ever contain, and 2ch soon gained access to his Mixi profile, confirming his identity, along with the whois details for the domain.
Frantic excuses and offers to show parts of his collection followed, but for some reason he could only get 5 games together. Soon his excuses stopped and he closed the site in what might be presumed to be shame at his deceitful hypocrisy, although he refused to admit wrongdoing (usually a major mistake when dealing with 2ch).
Such viruses in fact have a long history in Japan, generally having been employed for the perverse amusement of sites such as 2ch – voyeurism and vigilantism there combine in a sort of sport in which 2ch occupies itself periodically in attempting to destroy the life of someone it takes umbrage at.
However, in 2007 what may have been the first for-profit Winny virus was distributed, although in that case the fraud was much less sophisticated.
That the developers of such viruses eventually concocted a much more effective scheme by which they could extort money from their idiot victims is hardly surprising.