'Trojan' software extorts money with fake legal threat

07/05/2012 06:05 EDT | Updated 09/04/2012 05:12 EDT
RCMP fraud investigators are warning of a new variant of a malicious software "Trojan" that extorts money from users by claiming to deliver a message from law enforcement officials.

The Reveton Trojan, once downloaded and activated, causes computers to seize and display a fraudulent message purporting to come from the RCMP, CSIS, FBI or some other law-enforcement agency.

The first examples of the scam in Canada earlier this year purported to be from CSIS. After the computer freezes, a pop-up message appears saying the computer has been linked to the downloading of child pornography. It tells users they can unfreeze their computer by making a $100 payment through an online channel such as Ukash or PaySafe.

Daniel Williams, an RCMP officer with the Canadian Anti-Fraud Centre in North Bay, Ont., said the scammers have now moved on from their original scenario.

"More recently they've been claiming that the illegal behaviour the consumer is accused of is downloading music," said Williams.

"The consumer's computer is locked, and they're being requested to send a fee of $100 by Ukash in order to have their computer freed up," said Williams.

Paying fee solves nothing

Paying the fee doesn't free up the computer, which remains infected with malware. People whose computers are infected with the Trojan will need to find and remove the software or get a computer technician to assist them before the computer can resume operation.

Williams said that it might seem far-fetched that the RCMP would offer to unlock a child pornographer's computer in exchange for an internet payment of $100, but the scammers are counting on the initial shock of the criminal allegation to addle people's normal reasoning.

The Finland-based security firm F-Secure first identified the Reveton Trojan and said "ransomware" variations of it have been seen in Canada, the United States and across Europe.