The most common virus in the wild is called the Department of Justice Virus. The virus locks your computer and requests a bounty of $300 to unlock your computer and avoid government prosecution. The stories are many that have been infected and I personally have helped 4 friends and relatives (including my wife) get rid of this virus. It is polymorphic which means that no modern anti virus software can stop it from executing. It primarily enters the computer silently through a Java exploit.
Once infected, the computer is essentially useless. You can no longer execute any programs and the virus reappears after a reboot. Fortunately, it does not reappear in Safe Mode. The key to remove the virus is to reboot and Hit F8 constantly until you enter into Safe Mode. Once in Safe Mode, then try removing it using a standard AV product. Note: Since the virus is polymorphic, many AV products will not be able to remove it but you need to keep on trying.
Since the system is locked, there is not a way to get a high quality image of the virus. Many have taken camera photos of the virus, but we decided to make a high quality replicate of the virus so all the text is legible. We learned a lot by replicating the virus and hopefully you will too!
Replication of the DOJ virus. Click to see full resolutionThe first thing to notice is that the virus uses the actual seal from the Department of Justice. This is a second generation virus. Before the DOJ, the bad guys used the FBI logo. Let’s ponder this. It is certainly illegal to use these logos for non governmental purposes and they are essentially flipping their nose at the government. After all, who would be responsible for finding and punishing these people? That would be the Department of Justice and the FBI.
The DOJ “penalty” is $300. The FBI virus was charging $200 in mid 2012 and I happened to see a DOJ virus late last year for only $250. What is clear is that they are raising their prices and testing the elasticity of their market place.
As a marketing guy, it is stunning how brazen they are. They actually have a little photo of a wallet with money in it. They make no bones of the fact that they want your money! Wow!
The virus carefully details the laws that were broken focusing on child pornography and illegal copyrighted downloads. This is ingenious because most people are embarrassed to have these violations alleged against them even if they are not true. I tried to find these articles and they don’t exist. Of course, a victim would struggle to figure this out since they no longer have access to the internet.
Many people assume that the viruses are spread through pornography and illegal download sites. This is not true. The virus writers attack all kinds of web sites that happen to include pornography and download sites. We’ll have another article on how the virus writers can infect a perfectly innocent web site.
Here’s the big one. Through the same Java exploit, they also have figured out a way to turn on your web cam and display your face on the violation page. As a marketing guy myself, you really have to give these guys their props. Most people when carefully considering the facts will not fall for the DOJ virus. Now with your very own face being recorded and displayed on the page, it might be enough to shock enough people into paying the bounty.
We encourage everyone to read every word of the DOJ virus. If you do, you will find that much of the English is not quite right. You understand it but no one would talk or write that way. They are still working out the bumps. It is clear that they are incrementally improving their product and soon the English will be flawless.
As we were doing our research, we discovered another shocking fact. The DOJ virus has been translated into Swedish, German, Italian, French, Spanish and many other languages that I am not able to easily identify. I had assumed that since it has a DOJ logo that it was strictly an American virus. In addition to translating the virus into other languages, they had to change the enforcement agency, the legaleeze, and of course the method of payment.
The virus is global. Our replicate is just a snap shot in time. As I write this,, I am sure that they are improving their product. Please look carefully at the replicate so you can get a sense on their methods and motivations so that you can avoid getting caught in their net.
