The so-called ‘FBI Virus’ has come back with a vengeance and appears to be using well-known and highly publicized vulnerabilities in Adobe products and Java to propagate. If you have a computer and are not 100% certain that you are up-to-date, use the links at the bottom of this email to make certain.
What is it? – The premise is simple. Attackers scare victims into giving up money or valuable information by convincing them that the FBI or DHS is somehow ‘after them’. Typically, the intended victim gets a virus that causes a ‘splashscreen’ to pop up on their computer with an official-looking seal (traditionally FBI but, according to US CERT, they’re using DHS now) and a warning that, if the intended victim doesn’t pay up, they are going to be arrested, thrown in jail, forced to watch Dancing with the Stars or some other awful thing (ok, I made that last one up).
How do I get it? – The overwhelming majority of the cases that we have seen have been the result of an attacker using a Java exploit. Basically, the victim has an old version of Java on their computer and an attacker is able to exploit that old version of Java to install the virus.
What other information do I need to know? – The US CERT (United States Computer Emergency Readiness Team) has provided a number of articles with additional details. The latest is available here.
Adobe Updates – https://www.adobe.com/downloads/updates/
Java Updates – http://www.java.com/en/download/