2012-10-12 - Evolution

Reveton Autumn Collection += AU,CZ, IE, NO & 17 new design

Cam on Reveton design (for the post's thumbnail :) )

After launching what I think is its own new "Cool" Exploit Kit initiating a new way in browser exploit pack to drop payload ("Duqu-like" font drop), the team  ( ? behind Reveton)
For those who do not know : Reveton (now) Old design  ..Summer Collection ;)

 is using it to spread Reveton which dress from its C&C with a new "Autumn Collection" and is targeting at least 4 new countries : AU,CZ, IE & NO

Find the one built for you :

Reveton US/Default (10-2012)
New target for Reveton : Ireland
Reveton IE (10-2012) 5th to target this country (after Casier, Weelsof , Urausy, Epubb see : https://www.botnets.fr/index.php/Landings_IE )
New target for Reveton Norway
Reveton NO (10-2012) 3rd to target this country (after Gimemo & Urausy https://www.botnets.fr/index.php/Landings_NO )
New target for Reveton : Australia
Reveton AU (10-2012) 2nd to target Australia after Urausy
New target for Reveton: Czech Republic

Reveton CZ (10-2012) 2nd to Target CZ after Urausy

Reveton CA (10-2012)

Reveton FR (10-2012)
Reveton NL (10-2012)
Reveton AT (10-2012)
Reveton DE (10-2012)
Reveton GR (10-2012)
Reveton FI (10-2012)
Reveton LU (10-2012)
Reveton PL (10-2012)
Reveton ES (10-2012)
Reveton SE (10-2012)
Reveton CH (10-2012)
Reveton UK  the new Default(10-2012)

Reveton Design on Botnets.fr (missing BE,UK and PT) - so at least 21 design

Server replying to same domain that past weeks (cf Cool EK and Sakura/Smoke/Reveton) :

Reveton call home
Reveton Call Home on 2012-10-16

The good news : maybe less people will make confusion between Urausy & Reveton....till another copy cat

Notes : based on my tests : DK (but quite sure it's an Geoloc glitch and there is a design), LV, RO, RU, TK,   SL, SI -> Default (UK PCeU).
Am having trouble to gather : BE & UK design. And as usual I can't download design in Portugal. Contact me if you think you can help

Want to read more about Reveton ?
Inside a ‘Reveton’ Ransomware Operation - Brian Krebs - Krebsonsecurity - 2012-08-13
Fake FBI Ransomware analysis - Hynek Blinka - Avg - 2012-06-19
Reveton.A - Microsoft Threat Encyclopedia
Don’t Pay Up – How To Beat Ransomware! - 2013-04-05 - MakeUsOf - Guy McDowell

You'll find all design (past and present) on Reveton page of botnets.fr

For malware enthousiasts :

<edit1 17/10/12> UK design Found..was easy it's the new default now - C&C domain point to a new IP <edit1>