Auerbach Publications
Fake G-Men Attack Hijacks Computers for Ransom

May 2, 2012 - Trusteer Intelligence researchers have discovered a clever new use of the Citadel malware platform (a descendant of the Zeus Trojan) to deliver ransomware that poses as the US Department of Justice and hijacks victims' computers. This ransomware, named Reveton, freezes the compromised machine's operating system and demands a $100 payment to unlock it. Reveton was observed a few weeks ago being used as a standalone attack, but it has now been coupled with the Citadel platform. This is another example of financial malware expanding beyond online banking fraud and being used as a launch pad for other types of cyber-attacks. Citadel is able to target employees to steal enterprise credentials; in this example it targets victims directly to steal money from them instead of from their financial institution.

The attack begins with the victim being lured to a drive-by download website. There a dropper installs the Citadel malware on the target machine, and Citadel then retrieves the ransomware DLL from its command and control server.

Once installed on the victim's computer, the ransomware locks up the targeted machine and displays a warning message notifying the user that they have violated United States Federal Law. The web inject screen (below) claims that the IP address belonging to the infected machine was identified by the Computer Crime & Intellectual Property Section as having visited websites that contain child pornography and other illegal content.

In order to unlock their computer, the victim is instructed to pay a $100 fine to the US Department of Justice using prepaid money card services. The payment service options presented to the victim are based on the geographic location of their IP address. For example, users with US IP addresses must pay using MoneyPak or Paysafecard. Citadel keeps running on the compromised machine independently of the Reveton secondary payload, so the machine remains infected whether or not the lock screen is dealt with. It can therefore still be used by fraudsters to commit online banking and credit card fraud through the platform's man-in-the-browser, key-logging and other malicious techniques.

"It is clear from this and similar attacks Trusteer has discovered recently that financial malware has achieved a technological level of sophistication which enables it to be used to carry out virtually any type of cyber-attack," said Trusteer CTO Amit Klein. "Through a combination of social engineering, data capturing and communication tampering these attacks are being used by criminals to target applications, systems and networks belonging to financial institutions, enterprises, and government agencies in order to commit fraud or steal sensitive information. We have to recognize that cyber-crime and cyber-security protection begins with the endpoint now more than ever."

© Copyright 2012 Auerbach Publications