Original URL: http://www.theregister.co.uk/2013/08/08/ransomware_scareware_hybrid_scam/

Child abuse ransomware tweaked to tout bogus antivirus saviours

Crass, fiendish and no doubt a good money-spinner

By John Leyden

Posted in Security, 8th August 2013 10:46 GMT

Cybercrooks have found another application for ransomware, the horrible software that locks up a PC until money is handed over: it's now being used to push fake antivirus onto victims.

Reveton - a widespread piece of ransomware that infects machines, falsely accuses marks of downloading images of child abuse and demands a fine to unlock the computers - has been adjusted to frighten users into buying craptastic security software.

Said software is bogus antivirus, otherwise known as scareware, which announces the PC is riddled with computer viruses and Trojans, a compelling claim that is also a lie: users are tricked into paying for a full version of the dud software in order to remove the non-existent nasties. Running such programs could utterly compromise the machine and the user's security.

Christopher Boyd, a senior threat researcher at ThreatTrack Security, has more on this use of ransomware to push sales of scareware in a blog post featuring screenshots here.

The Reveton hijack intercepted by ThreatTrack "ditches the locked desktop in favour of something a little more old school – horror of horrors, a piece of Fake AV called Live Security Professional," Boyd explained. Users are swooped on by the software nasty after visiting websites contaminated with browser exploits and the like courtesy of the Sweet Orange Exploit Kit.

Internet scumbags have previously used ransomware to peddle survey scams that earned crooks affiliate revenues from dodgy marketing firms. Grafting scareware onto ransomware is simply the next step. ®