May 31, 2012

Citadel trojan uses child porn scare to extort cash

The banking trojan Citadel, which is a variant of the insidious Zeus malware, now is being used to trick users into believing they have violated U.S. law and must pay a fine to unfreeze their computers, according to federal task force warning issued Wednesday.

Victims are lured into visiting a drive-by download site, which installs what is known as scareware, said an alert from the Internet Crime Complaint Center, which is made up of the FBI, National White Collar Crime Center and Bureau of Justice Assistance.

This scam software, dubbed Reveton, freezes the user's computer and prompts a pop-up that falsely informs the user they have violated federal law by visiting child pornography sites. To unlock their computer, victims are told they must pay a $100 fine to the U.S. Department of Justice.

The malware authors leverage the user's IP address to offer them online payment methods which they are familiar with and work in their country.

In the meantime, Citadel, which uses a social networking-type structure so its purveyors can communicate, remains on the victim's machine and is capable of stealing banking credentials.

Related Articles
Related Topics

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.