New Internet Scam Affects Computers Through Websites

The Federal Bureau of Investigation is warning computer and internet users of a new “drive-by” virus that infects computers simply by visiting a compromised website.

“We’re getting inundated with complaints,” said Donna Gregory of the Internet Crime Complaint Center (IC3), referring to the virus known as Reveton ransomware, which is designed to extort money from its victims.

Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.

Example of monitor display when computer is infected with Reveton ransomware.

The bogus message goes on to say that the user’s Internet address was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity. To unlock their machines, users are required to pay a fine using a prepaid money card service.

“Some people have actually paid the so-called fine,” said the IC3’s Gregory, who oversees a team of cyber crime subject matter experts. (The IC3 was established in 2000 as a partnership between the FBI and the National White Collar Crime Center. It gives victims an easy way to report cyber crimes and provides law enforcement and regulatory agencies with a central referral system for complaints.)

“While browsing the Internet a window popped up with no way to close it,” one Reveton victim recently wrote to the IC3. “The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age porn viewing, or computer-use negligence. It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”

The Reveton virus, used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses—first came to the attention of the FBI in 2011. The IC3 issued a warning on its website in May 2012. Since that time, the virus has become more widespread in the United States and internationally. Some variants of Reveton can even turn on computer webcams and display the victim’s picture on the frozen screen.

“We are getting dozens of complaints every day,” Gregory said, noting that there is no easy fix if your computer becomes infected. “Unlike other viruses,” she explained, “Reveton freezes your computer and stops it in its tracks. And the average user will not be able to easily remove the malware.”

The IC3 suggests the following if you become a victim of the Reveton virus:

  • Do not pay any money or provide any personal information.
  • Contact a computer professional to remove Reveton and Citadel from your computer.
  • Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
  • File a complaint and look for updates about the Reveton virus on the IC3 website.

Share

4 Responses

Write a Comment»
  1. Vote -1 Vote +1kennth stone

    this virus hit my computer Friday night while i was attempting to watch a music video off the Yahoo website. I know right away that it was a scam. it hit my puter and locked it up you cant do anything. it even takes longer to shut it down. i have ran several virus scans and it goes undetected.

  2. Vote -1 Vote +1Steve Homsey

    There is a simple fix for this. Boot in Safe Mode. Hit start, all programs: Under Startup click on it and delete the file, (cnmom) or something like that. Then hit start and in search type %temp% open that file and delete all the files there (there are a lot of them). It’s ok, there only temp files. Restart normally and should see your friendly screen again. Run your virus scan again just to be sure. Hope this helps.

  3. Vote -1 Vote +1Gopal Das

    I think everybody should check out the Scam Detector app. I believe they’re online as well.

  4. Vote -1 Vote +1Jordan

    The post does not say how this virus infects your computer, but I would be willing to bet it sits in the Javascript of a website. If you use Firefox, download the add on called No-Script, which will not allow any Javascript through unless you specifically tell it to, which is something you must be careful about doing.
    If you do get infected, boot your computer from a repair disk (you can buy these on Amazon for a low price) and do some deep scans. The virus will be unlikely to evade these scans, as the virus shouldn’t be running when you boot from a disk.

Leave a Comment

Your email is never published nor shared.

(required)

Connect with Facebook

(required)

Notify me of followup comments via e-mail. You can also subscribe without commenting.