This time, Reveton does not ask for money to unlock the infected computer's desktop - in fact, it doesn't lock it at all. Instead, it downloads and runs a fake AV variant - Live Security Professional - tries to trick users into believing their computer is chock full of malware, and urges them to sign up for protection.
The malware ensures its persistence by creating a registry entry that lets it execute automatically whenever the system restarts, so the user is constantly bombarded with pop-ups warning about the infections.
Users who fall for this scheme don't just lose a considerable amount of money, but are also lulled into a false sense of security.
According to ThreatTrack's Chris Boyd, this particular Reveton variant is being distributed via compromised websites hosting the Sweet Orange exploit kit.