Reveton is described as drive-by malware because, unlike many viruses, which activate only when users open a file or attachment, this one can install itself when users merely click on a compromised website. Once the computer is infected, it locks immediately, and the monitor displays a screen stating that there has been a violation of federal law.
The bogus message goes on to claim that the user’s Internet address was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity.
“While browsing the Internet a window popped up with no way to close it,” one Reveton victim recently wrote to the IC3.
“The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age pxxn viewing, or computer-use negligence. It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”
The Reveton computer virus, used by hackers in conjunction with Citadel malware (a software delivery platform that can distribute various kinds of viruses), first came to the attention of the FBI in 2011. The IC3 posted a warning on its website in May 2012.
The IC3 advises the following if you become a victim of the Reveton virus:
- Do not pay any money or provide any personal information.
- Contact a computer professional to remove Reveton and Citadel from your computer.
- Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
- File a complaint and look for updates about the Reveton virus on the IC3 website.