Reveton changes tack, relies on fake AV
Posted on 08.08.2013
When it comes to the infamous Reveton ransomware, cyber crooks are forever coming up with additional ways to bilk money from users: pairing it up with banking Trojans, playing threatening voice messages, adding password stealing to its arsenal.

This time, Reveton does not ask for money to unlock the infected computer's desktop - in fact, it doesn't lock it at all. Instead, it downloads and runs a fake AV variant - Live Security Professional - which tries to trick users into believing their computer is chock full of malware and urges them to sign up for protection.



The malware ensures its persistence by creating a registry entry that lets it execute automatically whenever the system restarts, so the user is constantly bombarded with pop-ups warning about the infections.

Users who fall for this scheme don't just lose a considerable amount of money, but are also lulled into a false sense of security.

According to ThreatTrack's Chris Boyd, this particular Reveton variant is being distributed via compromised websites hosting the Sweet Orange exploit kit.








