Latest Reveton ransomware strain includes IC3 warning
In an ironic twist, the purveyors of extortion malware known as Reveton are using the Internet Crime Complaint Center (IC3) name to lend credibility to their attempted heists.
IC3 serves as the national clearinghouse for online complaints, such as those about Reveton, and is the entity that published an alert Friday about the latest iteration of the Reveton threat.
Users typically fall victim to Reveton unexpectedly and unknowingly, through a tactic known as drive-by downloads, in which their machines are infected simply when they visit a compromised site. Once hit, the computers freeze up, and users are greeted with a bogus on-screen notice that claims they have violated federal law -- typically for copyright or child pornography infractions -- and that they must make a payment via prepaid money card in order to regain control of their PC.
The new variant of the ransomware works in much the same way as previous versions, except that this time the message appears to come from IC3 instead of the FBI.
Stephen Cobb, security evangelist of anti-virus company ESET, said Reveton is a steady, but not particularly widespread, threat, likely due to the cost of distributing it. After peaking in mid-October, it currently makes up about one-tenth of one percent of the threats ESET sees from its users. By comparison, Conficker is still responsible for close to three percent of all threats.
But Reveton, which commonly is bundled with the dangerous banking trojan Citadel, is regularly being tweaked to evade detection and, once installed on a machine, is difficult to remove.
"It's being hosted on a wide range of sites," Cobb said. "If they can get a server infected somewhere, they will host it... It can be very alarming when you get it. Even if you don't fall for it [and pay the ransom], you still got a problem."