Impressive new computer virus scam!

Started by NCIJade, May 12, 2010, 06:14:59 PM

NCIJade

This infection is new, to me anyway, and very sophisticated. While at work today, a co-worker of mine was watching an episode of The Office through Netflix during his lunch break. Unexciting, right? Well, he said that a window flashed up briefly called "AT Manager," and the blue LED indicating his webcam was on came on briefly, and turned off. Immediately he shut down his computer and went to restart. Upon restarting, he was greeted with a frighteningly realistic-looking hostage screen, not unlike those phony anti-virus windows that claim your computer has thousands of infections. It's easier if you see what I'm talking about, so here's a link that describes it, and shows how they fixed it, and how WE fixed it here at the computer shop I work at.

http://www.bleepingcomputer.com/virus-removal/remove-ap-manager-copyright-violation-alert

There isn't a screenshot of one particular screen in that link, so I'll describe it. When trying to close this window, my co-worker's computer threw up another window. In it was a screenshot of his face that had been taken when the webcam was activated briefly. It displays that picture, your IP address, and gives you a form to fill out and submit in order to avoid any further legal action taken against you.

Now, being computer technicians ourselves, it was more amusing and impressive than it was frightening, but I can very easily put myself in the shoes of your average computer user, seeing MY OWN FACE staring back at me and a form that threatens litigation if I don't comply and fill it out. I'm sure they will get a LOT of people with this, so I wanted to make the population of E very aware of it. THIS IS A SCAM. Do not give them one stitch of information. You will at best end up shelling out some $50 bucks to some overseas corporation whose business model is "scare the money out of people." At worst, you could hand over your identity to someone with very malicious intent. It all looks very official and very legitimate. The IP address will be accurate, and it will obviously be a picture of you taken with your own webcam, but as far as we understand, it doesn't actually transmit any information until you click Submit on the form.

The link above explains perfectly exactly what we did and what you can do to remove this infection from your system. My co-worker ran Malwarebytes in Safe Mode, cleaned the infection, and went about using his laptop as though nothing had ever happened.

This is, as I said, a new infection to us. I'd not seen nor heard of it before, and it taking a picture of you with your own equipment is definitely unsettling. They know it is; they bank on it. Just wanted to make E aware of this infection, and hopefully prevent these bastards from making one red cent off of us.