Feeds

Child abuse ransomware tweaked to tout bogus antivirus saviours

Crass, fiendish and no doubt a good money-spinner

Internet Security Threat Report 2014

Cybercrooks have found another application for ransomware, the horrible software that locks up a PC until money is handed over: it's now being used to push fake antivirus onto victims.

Reveton - a widespread piece of ransomware that infects machines, falsely accuses marks of downloading images of child abuse and demands a fine to unlock the computers - has been adjusted to frighten users into buying craptastic security software.

Said software is bogus antivirus, otherwise known as scareware, which announces the PC is riddled with computer viruses and Trojans, a compelling claim that is also a lie: users are tricked into paying for a full version of the dud software in order to remove the non-existent nasties. Running such programs could utterly compromise the machine and the user's security.

Christopher Boyd, a senior threat researcher at ThreatTrack Security, has more on this use of ransomware to push sales of scareware in a blog post featuring screenshots here.

The Reveton hijack intercepted by ThreatTrack "ditches the locked desktop in favour of something a little more old school – horror of horrors, a piece of Fake AV called Live Security Professional," Boyd explained. Users are swooped on by the software nasty after visiting websites contaminated with browser exploits and the like courtesy of the Sweet Orange Exploit Kit.

Internet scumbags have previously used ransomware to peddle survey scams that earned crooks affiliate revenues from dodgy marketing firms. Grafting scareware onto ransomware is simply the next step. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.