Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2012
    S M T W T F S
    « Nov   Jan »
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for December 22nd, 2012




    The perpetrators behind the police ransomware are no longer just using the reputation of law enforcement to build credibility for their schemes — they’re using those of security vendors as well.

    We’ve spotted a police ransomware variant which tells of a supposed “treaty” between the law enforcement and antivirus vendors. It even has icons of these security vendors to appear legitimate. Trend Micro detects this new ransomware variant as TROJ_REVETON.IT.

    According to our findings, the .DLL file in the malware variant contains a lock screen image which contains logos of various antivirus companies such as Trend Micro, Symantec, McAfee, Sophos, and Microsoft among others. The text goes on to say, “To make the work of the Police more effective, on December 04, 2012 the International Treaty was signed between the companies who developes anti-virus software for identification of cyber-criminals.”  Of course, this is merely a ruse to trick people into believing its legitimacy. Once the malware is executed, it locks users’ computers and displays the fake message that says “Your computer has been locked. You have broken the law, your actions are illegal and will lead to criminal liability.”

    Read the rest of this entry »

     


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice