Reveton Ransomware now Tasked with Stealing Passwords
Microsoft recently issued an alert that the sinister ransomware known as the Reveton Trojan, which blocks end-users' access to their PCs until they pay the sum the hackers demand for removing the malware and restoring the system, now features another capability: scanning for and capturing all of the victim's passwords, redmondmag.com reported on May 20, 2013.
The software giant explains that the new trick benefits cyber-criminals because, even if an anti-virus program removes the Trojan and the user does not fall for the extortion attack, the hackers still manage to obtain the passwords.
Stefan Sellmer, Security Researcher at Microsoft, writes that when Reveton is loaded onto a system it begins communicating with its central C&C (command-and-control) infrastructure, redmondmag.com reported. The Trojan also records information about the host computer's Internet Protocol address, its Internet Service Provider, and its country and city of origin.
Meanwhile, as the Trojan becomes active and steals the user's information, it simultaneously plants and executes a DLL that freezes the screen until the demanded money is paid. Additionally, the ransomware executes the module that steals passwords while hiding in memory.
Importantly, Sellmer, by analyzing the Reveton malware's password-stealer component, found that it stole credentials from a comprehensive collection of software: file installers, File Transfer Protocol and remote control programs, e-mail clients, chat and poker applications, along with browser-stored passwords.
According to Microsoft, the Reveton campaign has repeatedly caused widespread infections across the world. Sellmer adds that several automated exploit kits include Reveton, especially BlackHole, the well-known attack toolkit, crn.com reported on May 20, 2013.
Owing to its success at infecting systems, the Reveton scam recently drew the attention of the Federal Bureau of Investigation as well. The FBI, describing the malware's attacks during November 2012, cautioned that its extortion method involved a fake alert stating that the user had violated a federal act.
In conclusion, Microsoft urges end-users to close off potential infection vectors, before falling victim to Reveton, by keeping all software applications up to date. In addition, they should install every essential security update and keep their browsers' Flash Player and Java plug-ins up to date as well.
» SPAMfighter News - 5/27/2013