The FBI Virus, Captured

by Jerry Stern


The FBI Virus, the FBI’s latest alleged malware, crossed my workbench this week. The so-called, and mislabeled, FBI Virus isn’t a virus, and it’s not from the FBI.

The FBI virus is a little different than most malware–it adds the IP address, geographical location, and current user name to an on-screen blackmail threat, and asks for a highly untraceable payment of $300 to return control of the computer. It stores that information on the infected machine–the screen image was taken while the infected PC was disconnected from any network, and the details still appeared.

Cleanup is of intermediate difficulty, widely published elsewhere. This is a routine removal for any computer repair tech, but it requires booting & scanning from some device other than the infected drive, so it’s not something most PC owners can clean up themselves.

Prevention: Keep all patches up to date, but in particular, an outdated Adobe Flash plugin appears to have been the entry point for this infection.