Reveton changes tack, relies on fake AV

When it comes to the infamous Reveton ransomware, cyber crooks are forever coming up with additional ways to bilk money from users: pairing it up with banking Trojans, playing threatening voice messages, adding password stealing to its arsenal.

This time, Reveton does not ask for money to unlock the infected computer’s desktop – in fact, it doesn’t lock it at all. Instead, it downloads and runs a fake AV variant, Live Security Professional, which tries to trick users into believing their computer is chock full of malware and urges them to sign up for protection.

The malware ensures its persistence by creating a registry entry that lets it execute automatically whenever the system restarts, so the user is constantly bombarded with pop-ups warning about the infections.

Users who fall for this scheme don’t just lose a considerable amount of money, but are also lulled into a false sense of security.

According to ThreatTrack’s Chris Boyd, this particular Reveton variant is being distributed via compromised websites hosting the Sweet Orange exploit kit.