December 10, 2012, 12:13 PM — A new variant of a Trojan program called Reveton that prevents victims from using their computers and displays rogue messages from law enforcement agencies is using localized voice messages to trick victims into paying made-up fines, according to researchers from antivirus vendor Trend Micro.
"Detected as TROJ_REVETON.HM, it locks the infected system but instead of just showing a message, it now urges users to pay verbally," Ivan Macalintal, threat research manager at Trend Micro, said Monday in a blog post. "The user won't need a translator to understand what the malware is saying -- it speaks the language of the country where the victim is located."
Reveton is part of a category of malicious programs called ransomware that block certain OS features or encrypt personal files and ask victims for money in order to return their system to normal.
This particular Trojan program is also known as the "police ransomware" because it displays fake alerts that purport to come from law enforcement agencies in various countries and instruct victims to pay a fine for allegedly accessing or storing illegal content on their computers.
Reveton determines the country where the infected computer is located and displays a message in that country's national language purporting to come from a local law enforcement agency. It first appeared in 2011 and spread throughout Western Europe, infecting computers in Germany, Spain, France, Austria, Belgium, Italy, the U.K. and other countries.
The first variants targeting U.S. and Canadian computer users appeared in May 2012. At the end of November, the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), issued an alert that Reveton was being distributed by the Citadel banking Trojan program and was using IC3's name in its rogue alerts.
"There has been the occasional instance of malware with sound effects," David Harley, a senior research fellow at antivirus vendor ESET, said Monday via email. However, "malware with a regionalized, quasi-personalized voice message is new on me," he said.
Harley hasn't yet heard the voice messages played by this particular Reveton variant, but he believes that if they are implemented effectively -- for example, if English messages claiming to be from the FBI don't have a heavy Eastern European accent -- some people are likely to find them intimidating.