Trusteer Uncovers Fresh Reveton Malware Strain
A new Reveton Trojan variant has been uncovered by the security company Trusteer. The malware reportedly operates through the Citadel environment.
At present, it is difficult to say whether scam operations using Reveton, which impersonated law-enforcement agencies, remain as effective as before. However, the scammers have apparently taken it a step further, this time exploiting the name and reputation of the Department of Justice (DOJ) to frighten victims into paying so-called monetary penalties.
Explaining how the scam works, security researchers from Trusteer said that a potential victim is first lured to a compromised website that has been modified to serve drive-by downloads. A malware installer then plants the Citadel malware, which connects to its central command-and-control (C&C) server and receives a configuration file from it.
Once loaded onto the victim's PC, Reveton locks the computer and displays an alert telling the user that he has violated United States Federal Law. It further claims that the Computer Crime & Intellectual Property Cell has detected the infected PC's Internet Protocol address accessing websites carrying illegal content or child pornography.
To unlock his PC, the victim must pay a $100 fine to the United States DOJ through a card service that handles prepaid money transfers. The prepaid services offered depend on where the victimized PC's IP address is located. For instance, users whose machines have United States IP addresses are asked to pay through PaySafeCard or MoneyPak.
Moreover, irrespective of what the Reveton ransomware does as a secondary payload, Citadel continues to run automatically on the hijacked PC.
Thus, according to the researchers, scammers can use Reveton infections to carry out credit-card or Internet-banking fraud by activating Citadel's keystroke logging, man-in-the-browser, and other malicious capabilities.
Overall, Trusteer CTO Amit Klein states that this clearly shows financial malware has reached a degree of technical sophistication that allows such programs to be used in practically all kinds of cyber-attacks. Softpedia.com published this on May 1, 2012.
Related article: TRUSTe Certified Websites May Still Contain Malware
» SPAMfighter News - 10-05-2012