2012-10-12 - Evolution

Reveton Autumn Collection += AU, CZ, IE, NO & 17 new designs

Cam on Reveton design (for the post's thumbnail :) )


After launching what I think is its own new "Cool" Exploit Kit, initiating a new way for a browser exploit pack to drop its payload ("Duqu-like" font drop), the team (? behind Reveton) is using it to spread Reveton, which is dressed from its C&C with a new "Autumn Collection" and is targeting at least 4 new countries: AU, CZ, IE & NO.

For those who do not know: Reveton (now) old design... Summer Collection ;)

Find the one built for you :

Reveton US/Default (10-2012)
New target for Reveton : Ireland
Reveton IE (10-2012) 5th to target this country (after Casier, Weelsof, Urausy, Epubb; see: https://www.botnets.fr/index.php/Landings_IE )
New target for Reveton: Norway
Reveton NO (10-2012) 3rd to target this country (after Gimemo & Urausy; see: https://www.botnets.fr/index.php/Landings_NO )
New target for Reveton : Australia
Reveton AU (10-2012) 2nd to target Australia after Urausy
https://www.botnets.fr/index.php/Landings_AU
New target for Reveton: Czech Republic

Reveton CZ (10-2012) 2nd to target CZ after Urausy
https://www.botnets.fr/index.php/Landings_CZ


Reveton CA (10-2012)

Reveton FR (10-2012)
Reveton NL (10-2012)
Reveton AT (10-2012)
Reveton DE (10-2012)
Reveton GR (10-2012)
Reveton FI (10-2012)
Reveton LU (10-2012)
Reveton PL (10-2012)
Reveton ES (10-2012)
Reveton SE (10-2012)
Reveton CH (10-2012)
Reveton UK, the new Default (10-2012)


Reveton designs on Botnets.fr (missing BE, UK and PT) - so at least 21 designs



Server replying to the same domain as in past weeks (cf. Cool EK and Sakura/Smoke/Reveton):

Reveton call home
Reveton Call Home on 2012-10-16


The good news: maybe fewer people will confuse Urausy & Reveton... till another copycat.

Notes: based on my tests: DK (but quite sure it's a geoloc glitch and there is a design), LV, RO, RU, TK, SL, SI -> Default (UK PCeU).
I am having trouble gathering the BE & UK designs. And as usual I can't download the design in Portugal. Contact me if you think you can help.

Want to read more about Reveton ?
Inside a ‘Reveton’ Ransomware Operation - Brian Krebs - KrebsOnSecurity - 2012-08-13
Fake FBI Ransomware analysis - Hynek Blinka - AVG - 2012-06-19
Reveton.A - Microsoft Threat Encyclopedia
Don’t Pay Up – How To Beat Ransomware! - Guy McDowell - MakeUseOf - 2013-04-05

You'll find all designs (past and present) on the Reveton page of botnets.fr


For malware enthusiasts:

4fc648509619859719485ec7d8618867
8a7cb4c56a637a18596b09ddccf37ba6
<edit1 17/10/12> UK design found... was easy, it's the new default now - C&C domain points to a new IP <edit1>