Saturday, January 19, 2013
Ransom Computer Virus Infection Spreading
A recent computer virus outbreak has been infecting an increasing number of computers. The virus is installed through Java when you visit an infected website. The website may be legitimate and normally trustworthy but has been illegally modified to distribute the virus.
When a computer becomes infected by the Ransom Virus (aka Police Virus and FBI Virus), the hard drive becomes encrypted by the virus. The activities of the virus take effect after the computer has been restarted. After you log in (if your computer requires a login), you will be shown a screen notifying you that your PC has been blocked for one of the reasons in a list it supplies. The message states that you must pay a fine in order to regain access to your computer (usually $100, but it has been seen as high as $500). Your computer will remain locked until the virus has been removed. The information on the computer is at risk of being downloaded and used by the developers of the virus (including financial and personal information, usernames, and passwords).
The most common transmission methods of this virus include software/media piracy sites and software, P2P (peer-to-peer) software, sites with streaming videos and music, social media websites, and gaming websites. There is no set list of sites that are infected with the virus, and once webmasters (or website owners) are aware of an infection, measures are taken to remove the virus to prevent further spread.
At the time of this post, the only known method of removing the virus is to connect the hard drive to a second computer that is not infected with the virus and scan the hard drive using up-to-date virus scanners and malware scanners. There have been some reports where even this option does not resolve the issue, resulting in the hard drive having to be erased and Windows reinstalled.
Oracle (the creator of Java) has released an update to block the exploit being used by the virus. The update is available from http://www.java.com/download. To read the report from Oracle, please visit http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html.
Posted by Solomon's words for the wise at 1/19/2013 08:43:00 PM