Beware of New Drive-by Malware Attacks
Citadel “Reveton” Ransomware Attempts to Extort Money
The Internet Crime Complaint Center (IC3) and the FBI have issued a warning for a new Citadel malware platform being used to deliver a ransomware package named Reveton. Citadel malware is a black market software package used by scammers to create and deliver Trojan viruses and other malicious software.
This current ransomware, Reveton, lures victims to a drive-by download website where the malware downloads and installs on the user's computer without their knowledge or consent. After the malware installs, the infected computer freezes and displays a screen warning the user they have violated United States federal law. The message also states that the Computer Crime & Intellectual Property Section identified the user's IP address as having visited child pornography and other illegal content.
The user is then instructed to pay a $100 fine to the U.S. Department of Justice to unlock their computer. Payment is to be made using a prepaid money card service. This form of payment is used to avoid detection by true law enforcement agencies. The geographic location of the user's IP address lets the scammers determine what payment services are offered.
Besides installing the Reveton ransomware, the Citadel malware continues to operate on the compromised computer, where it can be used to commit online banking and credit card fraud. So this new Citadel malware attempts to extort money and opens the door to the possibility of using the victim's computer for online bank fraud.
To keep yourself safe:
- Be sure your anti-virus software is up to date, and use it
- Only follow links sent to you by people you know and trust
If you receive or have received this or other similar malware, do not follow any payment instructions. Instead, you should:
- Contact your banking institutions
- File a complaint at www.IC3.gov
Published July 10, 2012
Updated July 12, 2012