Reveton Trojan Recommences
A Finland-based antivirus company, F-Secure revealed the circulation of spam messages through Reveton Trojan masquerading local police agencies and demanding heavy ransom from public.
Though many computer-savvy users have already recognized the fake message, yet the malware is claimed to integrate offensive content, as disposed from the hard drive of users that ultimately prevented them to seek external assistance.
Nevertheless, F-Secure had identified 12 such variants of the Trojans in a Ukrainian server, sufficient enough to hit the police departments of various countries like Italy, Greece, France, Germany, Spain, Lussumbergo, Sweden, Canada, the U.S., Finland, Belgium, Austria.
The solution to the crime seems to be quite easy as users are asked to pay a sum of 100 Euros through the channels PaySafe or Ukash. Further, they are also asked to obtain a Paysafecard, worth 100 Euros from a local c-store chain, R-Kioski in Finland. This technique of purchasing is made simpler and effective taking into consideration the non-technical people, who cannot directly purchase online through Webmoney or eGold.
However, in this instance, the address, email@example.com highlighted in the screenshot of the e-mail does not belong to the attackers. The domain is valid and seems to be owned by the Department of Justice.
Nonetheless, the ransomware has been active in 2011, but the Trojan has taken a toll to European computer users at the start of 2012, by locking their computers. On April 4, 2012, Trend Micro in malwareblog has also detected that the command-and-control server is contacted immediately once a user's system is affected to find out the country in which the victim resides.
As obvious, the cyber crooks are expertise and suspected to be involved in various other campaigns that rely on several forms of malware, such as Carberp, ZeuS, fake AV Trojans, and even TDSS rootkits.
Unfortunately, ransomware is a growing problem for the security industry. A number of security firms including Trend Micro, F-secure, Bitdefender and Doctor Web have recently reported many ransomware threats. For the latest threat (discussed above), security experts advised users to employ boot CD-ROM containing a Trojan over the internet for latest updates.
» SPAMfighter News - 17-04-2012