Computer virus convinces users they've viewed child porn and must pay a $100 fine

Illustration for article titled Computer virus convinces users they've viewed child porn and must pay a $100 fine

There are still a lot of really stupid people on the internet, judging from the latest scam the FBI just warned against. An existing computer virus, called Citadel, has been repurposed as scam-ware, which notifies users that they've been caught looking at child porn and must pay a $100 fine to get off the hook.

Advertisement

Here's how it works: Users are lured into going to a URL for a "drive-by download" website, which installs a Trojan (called Reveton) onto their machine using the Citadel platform. This Trojan then freezes their computer and displays a warning screen (pictured above) notifying the user that "the user's IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content." And they have to pay $100 to the Federal Government, via credit card or wire transfer, to clear their record.

I don't know what's the most insane part of this: That someone would be dumb enough to think a $100 fine would be enough to wipe out charges of kiddie-porn possession, or that someone would be dumb enough to enter their credit card information into a random screen that claims to be from the government. You would have to have an insanely low opinion of our government to believe that it would operate this way.

This warning comes from the Internet Complaint Crime Center (IC3), which is made up of the FBI and other agencies. The alert warns:

In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.... This is an attempt to extort money with the additional possibility of the victim's computer being used to participate in online bank fraud. If you have received this or something similar do not follow payment instructions.

And this very much feels like a Crime of the Future, something that would have been thrown in as a weird detail in a cyberpunk novel of the late 1980s. [IC3 via SC Magazine]

DISCUSSION

lightninglouie
lightninglouie

You would have to have an insanely low opinion of our government to believe that it would operate this way.

I'm guessing many of these victims have an insanely low opinion of themselves.

A lot of phishing methods operate on the premise that people really want to be thought of as honest, prudent, and decent, and if their integrity is challenged by an authority figure, even a transparently fake one, the need to demonstrate their innocence will trump common sense or caution. (Especially if it means something as simple as paying a flat fee.) I'm reminded of the early AOL scams, in which phishers would send out fake emails telling subscribers that they were behind on their payments and at risk of disconnection; instead of contacting AOL's billing department directly, a lot of people meekly went ahead and handed over their credit card information. They didn't want to lose their service, but they didn't want to be seen as deadbeats.

Given the severity of the crime and the enormous stigma it carries, I imagine that most of the people who paid the "fine" felt that they were getting off scott free, even if they they were completely innocent. $100 probably seems like a fair price to prove to the government (and the world at large) that you're not into child porn, and certainly cheaper than legal counsel.