Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Trusteer Uncovers Fresh Reveton Malware Strain

One fresh Reveton Trojan variant has been uncovered at Trusteer, the security company. The malware's operation reportedly occurs through the Citadel environment.

At present, it is difficult to say for sure whether scam operations using the Reveton, which manipulated agencies of law enforcement's names, continue to be similarly effective like before. However, the scammers apparently have taken it a step ahead, this time exploiting the Department-of-Justice's (DOJ) name and goodwill for frightening victims into giving away the so-called monetary penalties.

Explaining how the particular scam works, security researchers from Trusteer said that at first a potential victim was made to go to one compromised website, which was modified in a manner to plant drive-by downloads. Thereafter, one malware-installer planted the Citadel malicious software that linked up with the central C&C (command-and-control) system, which provided it the configuration file.

The Reveton, after getting loaded onto the victim's PC, blocked the host computer, while exhibited one alert telling the end-user that he had breached the United Stated Federal Law. It further told that the Computer Crime & Intellectual Property Cell detected the contaminated PC's Internet Protocol address as having accessed illegitimate content or child porn bearing websites.

If the victim wants to free his PC, he must deposit $100 in fine with the United States DOJ through card services handling pre-paid money-transfers. Depending on where the IP address of the victimized PC is located, the options for the pre-paid service get offered. For instance, end-users whose machines utilize the United States IP addresses are asked to pay through PaySafeCard alternatively MoneyPack.

Moreover, irrespective of what secondary payload the Reveton ransom malware unleashes, Citadel keeps running automatically on the hijacked PC.

Thus, according to the researchers, scammers can utilize the Reveton for executing credit card or Internet-banking fraud via triggering off Citadel's keystroke logging, man-in-the-browser, as also other malevolent methods.

Overall, CTO Amit Klein of Trusteer states that the above clearly indicates that there has been accomplished certain degree of technical sophistication in financial malware that facilitates these software programs in the utilization of practically all kinds of cyber-assaults. Softpedia.com published this dated May 1, 2012.

Related article: TRUSTe Certified Websites May Still Contain Malware

ยป SPAMfighter News - 10-05-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next