

Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:7

Reveton Ransomware uses Fake FBI Message to Extort Money

by Anne Saita
The FBI today warned of Internet-borne malware masquerading as a message from the law enforcement agency that locks computers until the user pays a fine for allegedly downloading and/or distributing illegal content.

"We're getting inundated with complaints," Donna Gregory of the Internet Crime Complaint Center (IC3), said in a prepared statement, referring to an uptick in callers complaining that an FBI message froze their computers.

The malicious code is the Reveton virus, used in conjunction with the Citadel malware platform, that first came to the FBI's attention in 2011. The agency's IC3 issued an alert in May 2012 to warn consumers of the ransomware, which in some forms even turns on computer webcams to show the victim's picture on the frozen screen.

When someone visits a compromised Web site, the malware installs and immediately locks down the machine while replacing the monitor screen with a fake FBI warning that the user's IP address has been linked to child pornography sites or other illegal online activity. The language is one tip-off the message may not be legitimate.

For instance, one screen-captured message cites "Article 1, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America." It claims this law allows "a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years." Another violation of the Criminal Code reportedly allows "deprivation of liberty for four to twelve years" for viewing or distributing "Child Porno/Zoofilia and etc." Still another results in up to $100,000 in fines and nine years of prison.

The targeted machine will remain inoperable until a fine is paid to the U.S. Department of Justice using a prepaid money card service, according to the bogus message. The vendor for payments depends on the geographic location of the IP address. Users are urged to comply to avoid criminal charges.

“Some people have actually paid the so-called fine,” Gregory said. She added that full removal of Reveton and Citadel likely will require expert assistance.
»threatpost.com/en_us/blogs/revet···y-080912
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

quote:
The FBI is warning about an increase in "drive-by" Reveton malware disguised as a message from law enforcement; it locks the computer and tries to extort money from the victim.

The Reveton ransomware, used in conjunction with the Citadel malware, is considered drive-by because it can infect the computer simply by the victim visiting a compromised website – no opening of files or attachments required, according to an FBI advisory.
Article


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

reply to Name Game
I know, personally, some people that got hit by this over the last few days. Although not computer savvy they do know a scam when they see it.
--
Don't feed trolls--it only makes them grow!



PeeWee
Premium
join:2001-10-21
Madera, CA

1 edit

reply to Name Game
nm
--
Those that charge less for their work understand what their work is worth!



Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:7

reply to Name Game

Inside a ‘Reveton’ Ransomware Operation

by Brian Krebs
The U.S. Federal Bureau of Investigation is warning about an uptick in online extortion scams that impersonate the FBI and frighten people into paying fines to avoid prosecution for supposedly downloading child pornography and pirated content. This post offers an inside look at one malware gang responsible for orchestrating such scams.

Reveton ransomware scam page impersonating the FBI
In an alert published last week, the FBI said that The Internet Crime Complaint Center — a partnership between the FBI and the National White Collar Crime Center — was “getting inundated with complaints” from consumers targeted or victimized by the scam, which uses drive-by downloads to hijack host machines. The downloaded malware displays a threatening message (see image to the right) and blocks the user from doing anything else unless he pays the fine or finds a way to remove the program.
»krebsonsecurity.com/2012/08/insi···eration/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
kudos:22

reply to Name Game
One of our news stations had a segment on this the other night and broke it down so viewers could understand it and how it may have shown up on their system/what it looked like. Big surprise. They must have been out of news although I was happy to see it being paid attention to...the Olympics were over, I guess.


Wednesday, 19-Jun 05:19:38 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.