Reveton changes tack, relies on fake AV
Posted on 08.08.2013
When it comes to the infamous Reveton ransomware, cyber crooks are forever coming up with additional ways to bilk money from users: pairing it up with banking Trojans, playing threatening voice messages, adding password stealing to its arsenal.

This time, Reveton does not ask for money to unlock the infected computer's desktop - in fact, it doesn't lock it at all. Instead, it downloads and runs a fake AV variant - Live Security Professional - which tries to trick users into believing their computer is chock full of malware and urges them to sign up for protection.



The malware ensures its persistence by creating a registry entry that lets it execute automatically whenever the system restarts, so the user is constantly bombarded with pop-ups warning about the infections.

Users who fall for this scheme don't just lose a considerable amount of money, but are also lulled into a false sense of security.

According to ThreatTrack's Chris Boyd, this particular Reveton variant is being distributed via compromised websites hosting the Sweet Orange exploit kit.









COPYRIGHT 1998-2014 BY HELP NET SECURITY.