This time, Reveton does not ask for money to unlock the infected computer's desktop - in fact, it doesn't lock it at all. Instead, it downloads and runs a fake AV variant - Live Security Professional - and tries to trick users into believing their computer is chock full of malware, urging them to sign up for protection.
The malware ensures its persistence by creating a registry entry that lets it execute automatically whenever the system restarts, so the user is constantly bombarded with pop-ups warning about the infections.
Users who fall for this scheme don't just lose a considerable amount of money, but are also lulled into a false sense of security.
According to ThreatTrack's Chris Boyd, this particular Reveton variant is being distributed via compromised websites hosting the Sweet Orange exploit kit.