The FBI is warning computer users of an Internet scam that freezes computers immediately and may leave behind malware that can operate in the background unnoticed.
The virus is described as drive-by malware, also known as the Reveton ransomware, because it differs from other viruses, which are activated by opening a file or attachment. Reveton can install itself when a user clicks on a compromised website, the FBI said in a statement.
The infected computer immediately locks, and a bogus message pops up saying that the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section identified the users Internet address is associated with illegal activity—such as child pornography—and to unlock the computer the user must pay a fine using a prepaid money card service, according to a statement from the FBI.
“While browsing the Internet a window popped up with no way to close it,” one Reveton victim wrote to the Internet Crime Complaint Center. “The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age porn viewing, or computer-use negligence. It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”
The Internet Crime Complaint Center (IC3) is being inundated with complaints about the scam, according to Donna Gregory of the complaint center.
“Some people have actually paid the so-called fine,” Gregory said in a statement.
The virus does not have an easy fix, she said.
“Unlike other viruses,” she said, “Reveton freezes your computer and stops it in its tracks. And the average user will not be able to easily remove the malware.”
First identified by the FBI in 2011, Reveton is used by hackers along with Citadel malware and operates as a software delivery platform that is able to deliver various kinds of viruses. It has become more widespread in recent months in the U.S. and internationally with some variants of Reveton able to turn on computer webcams and display a picture of the victim on the frozen screen.
The IC3 offers the following tips to those who think they may be infected by the Reveton virus:
- Do not pay any money or provide any personal information.
- Contact a computer professional to remove Reveton and Citadel from your computer.
- Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
- File a complaint and look for updates about the Reveton virus on the IC3 website.