Reveton impersonates FBI, claims to record users' illegal activities
Posted on 03.12.2012
The deadly combination of the Citadel malware and the Reveton ransomware is still widely used to steal information and money from uninformed users, the Internet Crime Complaint Center (IC3) warns.

The Citadel malware - a banking Trojan that is based on Zeus Trojan's source code and whose creators have adopted a Software-as-a-Service approach when it comes to the modifications of the crimeware kit that produces its variants - lures users to websites that deliver Reveton via drive-by download.

Once the ransomware is installed, it freezes the victims' computer and shows a message supposedly coming from the IC3:

The message claims that the users' computer has been blocked because they "violated U.S. Federal Law" by accessing illegal content such as child pornography.

The criminals behind the scheme try to create a sense of urgency and danger in order to make users act rashly, so the message also claims that the users' computer activity is being recorded using audio, video, and other devices.

To make the accusations go away and to unlock their computer, the victims are urged to pay a fine using prepaid money card services such as MoneyPak, Ukash, and others.

"This is not a legitimate communication from the IC3, but rather is an attempt to extort money from the victim. If you have received this or something similar do not follow payment instruction," the IC3 warns.

The ransomware can be removed without paying the "fine", but users are advised to check their systems for the Citadel malware, too, as their personal, financial and login information can be collected and used by cyber crooks to execute identity theft and credit card fraud.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th