Ransomware that Steals Passwords

Monday, May 20, 2013 @ 05:05 PM gHale


Users are starting to get wise to ransomware, and when they come face to face with an attack, they usually opt not to pay the “fine” and instead find a way to clean up their system.

That only means malware developers will turn it up a notch: they are trying a new approach, using the ransomware as a diversion to steal information that can ultimately lead to monetary gain.

Microsoft researchers are warning about a new variant of the well-known Reveton ransomware.

It ends up on the victim’s computer via the Blackhole exploit kit, and on the surface acts like it always did: it locks the computer screen and demands money to unlock it.

But in the background, the malware downloads a password-stealer component from its C&C server and runs it.

“PWS:Win32/Reveton.B can steal passwords for a comprehensive selection of file downloaders, remote control applications, FTP, poker, chat and email clients, as well as passwords stored by browsers and in protected storage,” the researchers said. “However, as it can load almost any DLL served by the C&C on the fly, this might change.”

Keeping your OS and software updated should minimize the possibility of facing malware, but in case a user does get hit with a Reveton infection, researchers said it is a good idea to change all passwords once you remove the malware from the computer.


