It isn't every day that a federal agency warns citizens about itself.
But that's what the Internet Crime Complaint Center had to do last week, when the agency issued a statement advising Americans to watch out for statements from — the Internet Crime Complaint Center.
"A new extortion technique is being deployed by cyber-criminals using the Citadel malware platform to deliver Reveton ransomware," the genuine statement reads. "The latest version of the ransomware uses the name of the Internet Crime Complaint Center to frighten victims into sending money to the perpetrators."
Ransomware, also known as police Trojans, uses the threat of law-enforcement action to scare gullible victims into coughing up cash to "free" their data, pay off fines or otherwise get out of a bad-looking, but ultimately bogus, situation.
Victims become infected via a drive-by download from a malicious website, to which they're lured by a phishing email, bogus search-engine result or a shortened Twitter link.
The malware doesn't stop at extortion. In addition to the Reveton ransomware, the malicious download also installs the Citadel malware, which waits in the wings in order to squeeze more money out of its victims by stealing sensitive data such as credit-card details.
Criminals use the name of the Internet Crime Complaint Center, or IC3, a partnership between the FBI and the National White Collar Crime Center, to instill "a fear of prosecution," the FBI explained.
Combination malware like this is becoming much more common, a representative from computer security company Symantec told CSO Online, predicting that bugs like Reveton would surpass fake anti-virus threats as the most common form of malicious code by 2013.