Recently, we’ve been getting a large volume of calls due to a “drive by”
virus on the Internet, and it often carries a fake message and fine
purportedly from the FBI. This new internet scam has been around since
July or August of 2012, but has recently been very active here in Alabama.
It is called the FBI Moneypak Ransom-ware Virus.
The FBI Moneypak virus (FBI virus, Citadel Reveton) is ransom-ware
disguised as the Federal Bureau of Investigation that uses Trojans
(Trojan.Ransomlock.R) to lock computer systems. The fake FBI message
alleges that the computer has been involved in illegal activity and
cyber crimes (such as downloading or distributing copyrighted material
or viewing child pornography). It then demands a fine of $100 or $200
to be paid in order to unlock the computer system within an allotted
time by use of Moneypak or Green Dot cards. Green Dot Moneypak cards are
prepaid debit cards that can be purchased at Walmart, Walgreens, CVS
The FBI Moneypak ransom-ware virus also states on the fake FBI screen
that the computer owner may receive jail time if a fine is not paid. Be
aware that this is malware and the claims made by this virus are not
true, and the computer owner is not in trouble with the FBI. Paying the
fine using Moneypak cards will not fix this malware or make it go away.
The FBI virus causes the computer system to lock, not allowing the user
to access the computer’s desktop, or access the internet. Once the
computer is infected the user is directed to a fraudulent FBI screen.
The fraudulent FBI page, screen or website displays an alert message that reads:
“Attention! Your PC is blocked due to at least one of the reasons specified below”
What follows on the screen is a long list of legal and criminal codes that the
computer user has supposedly violated, and a time frame for paying the
fine that will unlock the computer.
When the computer user is taken to the fake FBI drive-by download
website page, a video screen, which is streamed from the user's connected
webcam, is displayed as “recording”. If the computer does not have a
webcam connected, the video screen will appear blank but will still show
as “recording”. The FBI virus and malware is capable of recording
through a webcam attached to or built into the infected computer.
The FBI Moneypak virus may cause installed Antivirus software to
malfunction. Anti-malware and antivirus programs can be used to scan for and
remove the FBI Moneypak virus, but in many cases the infection has
progressed far enough to disable the removal software. There are ways
around this, such as booting the system in safe mode or restoring the
computer to an earlier time, unplugging from the internet, denying Adobe
Flash, using a bootable CD/DVD, or slaving the hard drive to an
unaffected machine for cleaning.
If you are infected with ransom-ware such as the FBI virus, your personal
and private material and computer system functionality are already at
very high risk. If the infected computer is powered ON and connected to
the internet, Trojans have complete control of the computer and every
piece of data stored on it.
The virus is very persistent and can be tricky for an average computer
user to get rid of. Please make sure your antivirus is up to date to
thwart this type of malware.
The Internet Crime Complaint Center suggests the following for those who become a victim of the Reveton virus:
Do not pay any money or provide any personal information.
Contact a computer professional to remove Reveton and Citadel from your computer.
Be aware that even if you are able to unfreeze your computer on your own,
the malware may still operate in the background. Certain types of
malware have been known to capture personal information such as user
names, passwords, and credit card numbers through embedded keystroke

FBI issues cyber security warning to all users of Microsoft Internet Explorer 8

Computer Doctor is urging all consumers and businesses
to pay close attention to the Cyber Security Advisory issued by the
Federal Bureau of Investigation (FBI) regarding a vulnerability in Microsoft's
Internet Explorer 8 browser (IE8) that could allow scammers to access
and take over users' computers. The risk for all users – home, business
and government – is high, and the Computer Doctor is urging anyone with IE8 to follow
the recommended steps to address the problem.
The problem was first announced May 9, 2013, and on May 16, 2013 Microsoft
released a temporary fix. Here is the original overview from the FBI:
"A vulnerability has been discovered in Microsoft's web browser,
Internet Explorer, which could allow an attacker to take complete
control of an affected system. Exploitation may occur if a user visits
or is redirected to a web page which is specifically crafted to take
advantage of the vulnerability. Successful exploitation of this
vulnerability could result in an attacker gaining the same privileges as
the logged on user. Depending on the privileges associated with the
user, an attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. Failed exploit
attempts may result in a denial-of-service condition."
Microsoft is working on a patch to fix the vulnerability, which does not affect other versions of IE.
"Computer Doctor recommends that everyone with Internet Explorer 8 apply the
temporary fix immediately," said James Moore, owner and general manager of Computer Doctor locations throughout central Alabama. "If you are not sure
which version you have, try running the fix. If you don't have IE8, the
fix will stop running and let you know that your system is not at risk.
Microsoft will let you know when the patch is available, and you need to
download that as soon as it is."
"This is a good opportunity for Computer Doctor to reinforce how critical it is
to maintain up-to-date anti-virus software on every computer, tablet
and smart phone connected to the internet," Moore added. "Consumers
also need to be extremely cautious when clicking on links in email and
social media messages, or opening email attachments. Scammers are very
sophisticated in their techniques, and the results can be devastating:
identity theft, loss of personal data, bank and credit card fraud. If
you are not sure, don't click."