Ransom malware merged with bank Trojan in new attack

Fraudsters combine 'Reveton' with Zeus successor Citadel

Adding injury to insult, fraudsters have merged the phenomenon of ransom Trojans with banking malware, producing a hybrid that demands money before attempting to steal user logins.

Noticed by several security firms since the turn of the year, the web drive-by Reveton Trojan tries to coax victims into handing over payments of up to $100 with the warning that they have been found accessing violent and child porn content by the US Department of Justice.

After locking up the PC to gain the user’s attention (the sophistication of this is unclear), the malware demands payment using cash transfer services that vary according to the geography of the victim's IP address.

So far the Trojan behaves like one of a growing number of ransom Trojans that have spread across the Internet in the last year, almost certainly the work of the same small family of Russian gangs, according to a recent Trend Micro analysis.

Although not a new Trojan, Reveton’s latest sting in the tail is that it now deploys the Citadel banking Trojan as a follow-up attack. A development of the notorious Zeus Trojan that ran amok across online bank websites in 2010, Citadel normally steals logins using man-in-the-browser and key-logging, but can also pilfer corporate logins if configured to do so.

“It is clear from this and similar attacks we have discovered recently that financial malware has achieved a technological level of sophistication which enables it to be used to carry out virtually any type of cyber-attack,” said Amit Klein of browser security firm Trusteer.

Just as security defences are becoming more layered, so attackers are adopting the same design principle, combining different attacks into hybrids that can be varied by geography or the type of victim.

“Through a combination of social engineering, data capturing and communication tampering these attacks are being used by criminals to target applications, systems and networks belonging to financial institutions, enterprises, and government agencies,” said Klein.

The primary ransom attack has been detected by Microsoft as Trojan:Win32/Reveton.A since February. The malware’s fusion with the Citadel Trojan, noticed by Trusteer, appears more recent.

