Thursday, May 30, 2013

Cyber Criminals FBI Virus Strikes in Alabama

 


FBI Virus Strikes in Alabama
Recently, we’ve been getting a large volume of calls due to a “drive by” virus on the Internet, and it often carries a fake message and fine purportedly from the FBI. This new internet scam has been around since July or August of 2012, but has recently been very active here in Alabama.
It is called the FBI Moneypak Ransom-ware Virus.
The FBI Moneypak virus (FBI virus, Citadel Reveton) is ransom-ware disguised as the Federal Bureau of Investigation that uses Trojans (Trojan.Ransomlock.R) to lock computer systems. The FBI virus claims, in the FBI's name, that the computer has been involved in illegal activity and cyber crimes (downloading or distributing copyrighted material, viewing child pornography, etc.). It then demands a fine of $100 or $200, to be paid within an allotted time by use of Moneypak or Green Dot cards, in order to unlock the computer system. Green Dot Moneypak cards are prepaid debit cards that can be purchased at Walmart, Walgreens, CVS, etc.
The FBI Moneypak ransom-ware virus also states on the fake FBI screen that the computer owner may receive jail time if a fine is not paid. Be aware that this is malware and the claims made by this virus are not true, and the computer owner is not in trouble with the FBI. Paying the fine using Moneypak cards will not fix this malware or make it go away.
The FBI virus causes the computer system to lock, preventing the user from accessing the computer’s desktop or the internet. Once the computer is infected, the user is directed to a fraudulent FBI screen. The fraudulent FBI page, screen or website displays an alert message that reads:
“Attention! Your PC is blocked due to at least one of the reasons specified below”
What follows on the screen is a long list of criminal codes that the computer user has supposedly violated, and a time frame for paying the fine that will unlock the computer.
When the computer user is taken to the fake FBI drive-by download website page, a video screen streamed from the user's connected webcam is displayed as “recording”. If the computer does not have a webcam connected, the video screen will appear blank but will still show as “recording”. The FBI virus and malware is capable of recording through a webcam attached to or built into the infected computer.
The FBI Moneypak virus may cause installed antivirus software to malfunction. Anti-malware and antivirus programs can be used to scan for and remove the FBI Moneypak virus, but in many cases the infection has progressed far enough to disable the removal software. There are ways around this, such as booting the system in safe mode or restoring the computer to an earlier time, unplugging from the internet, denying Adobe Flash, using a bootable CD/DVD, or slaving the hard drive to an unaffected machine for cleaning.
If you are infected with ransom-ware such as the FBI virus, your personal and private material and your computer system's functionality are already at very high risk. If the infected computer is powered ON and connected to the internet, Trojans have complete control of the computer and every piece of data stored on it.
The virus is very persistent and can be tricky for an average computer user to get rid of. Please make sure your antivirus is up to date to thwart this type of malware.
The Internet Crime Complaint Center suggests the following for those who become a victim of the Reveton virus:
  • Do not pay any money or provide any personal information.
  • Contact a computer professional to remove Reveton and Citadel from your computer.
  • Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
  • File a complaint and look for updates about the Reveton virus on the IC3 website, or your local computer repair center's website.
UPDATE: May 31, 2013

FBI issues cyber security warning to all users of Microsoft Internet Explorer 8

Computer Doctor is urging all consumers and businesses to pay close attention to the Cyber Security Advisory issued by the Federal Bureau of Investigation (FBI) regarding a vulnerability in Microsoft's Internet Explorer 8 browser (IE8) that could allow scammers to access and take over users' computers. The risk for all users – home, business and government – is high, and the Computer Doctor is urging anyone with IE8 to follow the recommended steps to address the problem.

The problem was first announced May 9, 2013, and on May 16, 2013 Microsoft released a temporary fix. Here is the original overview from the FBI:
   
 "A vulnerability has been discovered in Microsoft's web browser, Internet Explorer, which could allow an attacker to take complete control of an affected system. Exploitation may occur if a user visits or is redirected to a web page which is specifically crafted to take advantage of the vulnerability. Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition."
The FBI is recommending this fix... a workaround provided by CERT:
http://technet.microsoft.com/en-us/security/advisory/2847140

Microsoft is working on a patch to fix the vulnerability. The vulnerability does not affect other versions of IE.

"Computer Doctor recommends that everyone with Internet Explorer 8 apply the temporary fix immediately," said James Moore, owner and general manager of Computer Doctor locations throughout central Alabama. "If you are not sure which version you have, try running the fix. If you don't have IE8, the fix will stop running and let you know that your system is not at risk. Microsoft will let you know when the patch is available, and you need to download that as soon as it is."
"This is a good opportunity for Computer Doctor to reinforce how critical it is to maintain up-to-date anti-virus software on every computer, tablet and smart phone connected to the internet," Moore added. "Consumers also need to be extremely cautious when clicking on links in email and social media messages, or opening email attachments. Scammers are very sophisticated in their techniques, and the results can be devastating: identity theft, loss of personal data, bank and credit card fraud. If you are not sure, don't click."