News 12 at 11 o'clock / Thursday, Jan. 30, 2013
AUGUSTA, Ga. (WRDW) -- Cyber criminals are extorting residents of the CSRA through very frightening malware.
Just imagine your computer freezes, then what appears to be an FBI agent begins sending you messages and even gains control of your Web cam to tape you. That's exactly how a group of bad guys are getting money from people.
"It's kind of shocking. Kind of intimidating," said David Shaver about the ominous message on his laptop. "It looked legit. It looked legit definitely."
Shaver was paying a few bills online when what appeared to be an FBI warning popped up across his screen.
"It's like the real FBI symbol and label and it's worded very scholarly," Shaver stated.
Even more frightening, the so-called FBI page told him they were recording him through his Web cam, which suddenly turned on.
"Pay, I forget, $250 and send it to this address and we will remove it," he said about the warning.
It didn't take him long to figure out it was a scary combination of a scam and virus.
"What it does is it completely hijacks your computer. It's essentially called ransomware. It kidnaps your computer," John Delgenio said.
The Computer Exchange employee says he sees at least half a dozen computers infected by the FBI virus a week.
"Once it takes control of your computer, it locks you out of everything you can do. In addition, it tries to scare you. It puts up all these scary warnings that are supposedly from the FBI," Delgenio said.
Unfortunately, many have fallen for the sneaky scary wording, mainly senior citizens.
"The trick is, it's just a scam -- once you pay the money, you're still infected, you're going to get hit again," Delgenio said.
The scam is so widespread that the real FBI sent out a warning about it.
"The Internet is just as dangerous as walking into Baghdad; you can get hurt on it," Delgenio said.
You can protect your computer by making sure Windows and Java are kept up to date. Also, you want to install anti-spyware software on your computer and run it at least biweekly.
If your computer is infected, you need to take it to a computer expert.
Kaspersky Lab warns users about the emergence online of a new version of the Gpcode ransomware program.
The program spreads via malicious websites and P2P networks.
Kaspersky Lab products detect the program as Trojan-Ransom.Win32.Gpcode.ax.
You can read more on our blog.
Kaspersky Lab is monitoring a new email worm which is currently spreading. Emails spreading the worm say “Here you have” in the subject line.
We detect the worm as Email-Worm.Win32.VBMania.
While the servers hosting related downloads have been taken down, we are keeping customers updated and protected against any new variants.
Net-Worm.Win32.Kido exploits a critical vulnerability (MS08-067) in Microsoft Windows to spread via local networks and removable storage media.
The worm disables system restore, blocks access to security websites, and downloads additional malware to infected machines.
Users are strongly recommended to ensure their antivirus databases are up to date. A patch for the vulnerability is available from Microsoft.
Detailed descriptions of Net-Worm.Win32.Kido.bt, Net-Worm.Win32.Kido.dv and Net-Worm.Win32.Kido.fx are available in the Virus Encyclopaedia. A dedicated removal tool is available here.
The new Gpcode variant encrypts files with extensions DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc. on hard drives using an RSA algorithm with a 1024-bit key.
After encrypting files, the virus leaves a text file in the folder next to the encrypted files with the following message:
Currently, we detect the new variant, but we are unable to crack the 1024-bit key. Our analysts are continuing to work on both the key and the virus to resolve this issue.
Kaspersky Lab recommends that all Internet users enable maximum protection from malicious code and network attacks on their computers, refrain from executing suspicious programs received from untrustworthy sources and back up any important information on their computers.
Detection of Virus.Win32.Gpcode.ak was added to Kaspersky Anti-Virus signature databases yesterday, on June 4th, at 15:39 GMT. Please make sure to update if you haven’t already.
If you have fallen victim to Gpcode.ak, try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine. Contact us by email at stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well as everything you did on the computer in the 5 minutes before the machine was infected: which programs you have executed, which websites you have visited, etc. We'll try and help you recover any data that has been encrypted.
For more information about the malicious program, please read our weblog.
A few hours before this point, there was a noticeable increase in mail traffic of an earlier modification of Warezov - Warezov.do which featured in the October 2006 Top 20.
If you are using Kaspersky Anti-Virus 6.0 or Kaspersky Internet Security 6.0 with Proactive Protection turned on, new variants will be detected without the need to update your antivirus databases.
A full description of Email-Worm.Win32.Warezov.nf is now available in the Virus Encyclopaedia.