Fake Police Trojan Demands Funds

Friday, April 6, 2012 @ 11:04 AM gHale

Police Warning: Illegal content is on your machine and you must make a payment to unlock it. Sound familiar? A new ransomware attack is hitting the cyber street.

Spotted in Europe, the attack tells the user he must pay to unlock an infected machine by purchasing a Paysafecard and paying €100 ($130.87) to obtain an unlock code. But in reality users need not hand over anything to regain control of their PCs. With just a few simple steps, a user can regain control of a machine infected with the Reveton Trojan.

As always, cyber thieves are preying on victims who go into panic mode and comply with their demands without seeking outside help.

Trend Micro said some of the people peddling the Reveton Trojan were also a part of the high-profile DNSChanger Trojan scam, the target of a successful Microsoft takedown operation last November.

“The same people peddling this Trojan are also heavily involved in other malware and are very invested in this business,” said David Sancho, a senior threat researcher at Trend Micro. “For instance, we have found that they were affiliates of the DNSChanger Trojan program called Nelicash that Rove Digital was sponsoring for a few years.

“The main persons behind Rove Digital were arrested on November 8, 2011 after a two-year investigation by the FBI, the NASA Office of the Inspector General and Estonian police in collaboration with Trend Micro and other industry partners. So we might have found an important clue who is behind the police Trojan.”