Hyphenet Blog wrote: FBI Warns Users Not to Fall for Reveton Ransomware Scam | Technology News, Computer Security - Hyphenet Blog
The FBI’s Internet Crime Control Center (IC3) has joined Trusteer in warning users about an ongoing malware attack that plants ransomware on the target PC, rendering the system useless until the user pays a $100 fine to unlock it.
The attack starts when the user visits a malicious website that infects their computer with the Citadel Trojan via drive-by-download. The Citadel Trojan then connects to its command & control server to download the Reveton ransomware.
Upon execution, Reveton locks the infected system and displays a fake warning message from the US Department of Justice claiming that the user’s IP address was used to view disturbing content, including child pornography, and that a $100 fine must be paid to unlock the system.
This operating system is locked due to the violation of the federal laws of the United States of America! Following violations were detected
Your IP address is [YOUR IP]. This IP address was used to visit websites containing pornography, child pornography, zoophilia, and child abuse. Your computer also contains video with pornographic content, elements of violent and child pornography! Spam-messages with terrorist motives were also sent from your computer.
This computer lock is aimed to stop your illegal activity.
It is important to note that even if the user makes the mistake of paying off the “fine” cooked up by the Reveton ransomware, they’re still not off the hook.
The Citadel Trojan continues to work independently of the Reveton ransomware, harvesting personal and financial information that will be used by cybercriminals to commit identity theft and credit card fraud. The infected machine may also be recruited to participate in DDoS attacks and spam campaigns.
Protecting Your PC From Citadel & Reveton Malware
Since the Citadel Trojan is delivered via drive-by-download attacks, users can minimize their chances of infection by:
- Keeping your operating system patched and up-to-date.
- Installing updates for any software on your machine, especially Adobe Flash, Adobe Acrobat and Java, since they are commonly exploited in drive-by-download attacks. You may also want to consider disabling Java if it’s not needed.
- Always running antivirus software and making sure the virus definitions are current.
- Remaining vigilant and using common sense: don’t visit sites that look suspicious, but keep in mind that cybercriminals often use compromised sites to conduct drive-by-downloads.
A screencap of a Facebook user that got "lured":
[Side note too: the "drive-by" sites can come to you in the form of bogus emails that look equally official, e.g. saying they're from Facebook, PayPal, a bank, an ISP, YouTube, etc. Good practice: always verify hyperlinks; often the text of the links and icons, and nowadays even the URL text shown, is bogus. You can always copy/paste the link into a plain text form first to verify the URL before entering it in a browser; some email programs also display the actual link when the text link is moused over.]
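The link check the side note recommends, as an added example that is not from the post or from Hyphenet: a small Node.js script (built-in WHATWG URL class, no DOM) that flags a hyperlink whose visible text names one host while its real href points to another. The sample links are constructed, and the lookalike domain under .example is a placeholder.

```javascript
// Added example (not from the original post): flag links whose visible
// text names one host while the real href points somewhere else.

// Host named in a link's visible text, if the text looks like a URL or a
// bare domain (e.g. "www.paypal.com/login"); null for text like "Click here".
function hostFromText(text) {
  const t = text.trim();
  const candidate = /^[a-z][a-z0-9+.-]*:\/\//i.test(t) ? t : `http://${t}`;
  try {
    const u = new URL(candidate);
    // Require a dot so plain words ("here") are not treated as hosts.
    return u.hostname.includes('.') ? u.hostname.toLowerCase() : null;
  } catch {
    return null; // spaces etc. make the URL parser throw
  }
}

// Drop a leading "www." so "www.example.com" and "example.com" compare equal.
function canonicalHost(host) {
  return host.replace(/^www\./, '');
}

// Compare what the link claims (its text) with where it really goes (href).
function checkLink(text, href) {
  let real;
  try {
    real = new URL(href);
  } catch {
    return { verdict: 'unparseable-href', shownHost: null, realHost: null };
  }
  const realHost = real.hostname.toLowerCase();
  const shownHost = hostFromText(text);
  if (shownHost === null) {
    // Text is not a URL: nothing to compare, so report the real target only.
    return { verdict: 'verify-manually', shownHost: null, realHost };
  }
  const same = canonicalHost(shownHost) === canonicalHost(realHost);
  return { verdict: same ? 'match' : 'mismatch', shownHost, realHost };
}

// Constructed sample links resembling the bogus e-mails the note describes.
const SAMPLE_LINKS = [
  { text: 'https://www.paypal.com/account', href: 'http://paypa1-secure.example/login' },
  { text: 'www.facebook.com', href: 'https://www.facebook.com/' },
  { text: 'Click here to confirm', href: 'http://198.51.100.7/update.exe' },
];

function auditLinks(links = SAMPLE_LINKS) {
  return links.map(l => ({ text: l.text, ...checkLink(l.text, l.href) }));
}
```

Running `auditLinks()` reports the first sample as a mismatch, the second as a match, and the third as one to verify by hand, which is exactly the manual copy/paste step the note describes.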