New Version of Reveton Reverts to Deliver Fake AV
Security experts at ThreatTrack Security have observed that the well-known ransomware 'Reveton' has a new variant which shifts back to the traditional tactic of distributing fake AV (antivirus).
The latest variant does not lock computer screens. Instead it relies on a fake antivirus called Live Security Professional, which behaves like all other rogues.
First, it enters the victim's system without consent and modifies registry parameters so that the hoax launches automatically at every system startup.
Second, it runs a fake system scan whenever the PC is switched on, and third, it reports numerous fabricated infections, claiming that an anti-malware tool is desperately needed to get rid of them.
Finally, it leads the victim to a page where the malware asks for personal details along with financial information to process payment for a useless utility.
Interestingly, the initial malware is Reveton, and it is delivered via the Sweet Orange exploit kit from a URL that Internet users are tempted to visit. In particular, it drops the same .pad and .js files associated with 'Reveton', using 'rundll32.exe' to launch a .dll (Dynamic Link Library) file.
Threattracksecurity.com published a statement by Chris Boyd, senior researcher at ThreatTrack Security, on 8th August 2013, saying that it works like Reveton but does not lock the computer screen and instead employs a rogue, which is a remarkable change in tactics. This is an unexpected volte-face given that ransomware is currently pulling out all the stops to compromise end users and compel them to pay.
Graham Cluley was asked what may be leading to this sudden change of tactics. He thinks it may simply be the cyber crooks mixing it up. "When you're manufacturing numerous amounts of new variants of a malware, all doing the identical thing," he said, "it must be enticing to blend things up from time to time, and thereby try out something new... or try an old retro trick yet again just to see if it still catches anyone out," according to news published by infosecurity-magazine.com on August 7, 2013.
» SPAMfighter News - 19-08-2013