'Trojan' software extorts money with fake legal threat

Fraud investigators are warning of a new variant of a malicious software "Trojan" that extorts money from users by claiming to deliver a message from CSIS or the RCMP.

Reveton Trojan demands $100 to pay 'fine' for music downloading

A screenshot shows the fake CSIS message that pops up on a computer infected with the Reveton Trojan. (F-Secure)

RCMP fraud investigators are warning of a new variant of a malicious software "Trojan" that extorts money from users by claiming to deliver a message from law enforcement officials.

The Reveton Trojan, once downloaded and activated, causes computers to seize up and display a fraudulent message purporting to come from the RCMP, CSIS, FBI or some other law-enforcement agency.

A Trojan is software that often masquerades as a legitimate, useful or desired file or program.

Once downloaded onto a computer, it can attempt to take over the computer, steal information or replicate itself.

Its name is derived from the Trojan Horse of Greek mythology, the "gift" from the Greeks to the Trojans that allowed Greek soldiers hiding in the horse to get inside the gates of Troy.

The first examples of the scam in Canada earlier this year purported to be from CSIS. After the computer freezes, a pop-up message appears saying the computer has been linked to the downloading of child pornography. It tells users they can unfreeze their computer by making a $100 payment through an online channel such as Ukash or PaySafe.

Daniel Williams, an RCMP officer with the Canadian Anti-Fraud Centre in North Bay, Ont., said the scammers have now moved on from their original scenario.

"More recently they've been claiming that the illegal behaviour the consumer is accused of is downloading music," said Williams.

"The consumer's computer is locked, and they're being requested to send a fee of $100 by Ukash in order to have their computer freed up," said Williams.

Paying fee solves nothing

Paying the fee doesn't free up the computer, which remains infected with malware. People whose computers are infected with the Trojan will need to find and remove the software or get a computer technician to assist them before the computer can resume operation.

Williams said that it might seem far-fetched that the RCMP would offer to unlock a child pornographer's computer in exchange for an internet payment of $100, but the scammers are counting on the initial shock of the criminal allegation to addle people's normal reasoning.

The Finland-based security firm F-Secure first identified the Reveton Trojan and said "ransomware" variations of it have been seen in Canada, the United States and across Europe.