VIRUS ALERT NOTIFICATION - April 21, 2011


A new computer scam that extorts money through long-distance telephone charges is being targeted at Windows users.

Like RogueWare Security Applications, these infections will most likely get downloaded via infected websites.

The mistakenly downloaded infection (Trojan Virus) installs on their system, and displays the following message on their Windows PC:

"This copy of Windows is locked. You may be a victim of fraud or there may be an internal error."

In order to regain control of their PC, victims are instructed to “reactivate” their copy of Windows online or via Telephone. However, the infection is designed to purposely fail whenever the online option is chosen leaving the user with only one option – the telephone. Users are then given one of six numbers to dial (promising that the call is free of charge and that they will receive a special code to “reactivate” their software.)

Instead, the scammers who pretend to be Microsoft representatives forward the call to an automated call center which keeps the user on hold for several minutes, whereby racking up heavy long-distance charges.

The long-distance charges are how the scammers make their money, by billing at a call rate that is higher than reasonable.

This type of infection is known as “Ransom-Ware”, where the malware tries to extort a payment in exchange for returning control of the PC or files to the user. Although this practice has been a round for a while, new ways to perpetuate the scam appear all the time.

Make sure your PCs are up to date with the latest Windows patches, and that your Antivirus software is up to date.