
New CryptoLocker -variant


Juliet


http://forums.whatthetech.com/index.php?showtopic=108882&page=4&do=findComment&comment=839514

AplusWebMaster, on 26 Dec 2013 - 09:01 AM, said:

FYI...

New CryptoLocker -variant- spreads via removable drives

- http://blog.trendmic...movable-drives/

Dec 25, 2013 - "... a CryptoLocker -variant- that had one notable feature: it has propagation routines. Analysis of the malware, detected as WORM_CRILOCK.A, shows that this malware can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants. Aside from its propagation technique, the new malware bears numerous differences from known CryptoLocker variants. Rather than relying on a downloader malware (often UPATRE) to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office in peer-to-peer (P2P) file sharing sites. Uploading the malware in P2P sites allows bad guys to easily infect systems -without- the need to create (and send) spammed messages. Further analysis of WORM_CRILOCK reveals that it has a stark difference compared to previous variants. The malware has foregone domain generation algorithm (DGA). Instead, its command-and-control (C&C) servers are hardcoded into the malware. Hardcoding the URLs makes it easier to detect and block the related malicious URLs. DGA, on the other hand, may allow cybercriminals to evade detection as it uses a large number of potential domains. This could mean that the malware is still in the process of being refined and improved upon. Thus, we can expect later variants to have the DGA capability. The differences between this particular CRILOCK variant and the others have led some researchers to believe that this malware is the product of a copycat. Regardless of its creator, WORM_CRILOCK.A shows that this could become the new favored attack method of cybercriminals. Users should -avoid- using P2P sites to get copies of software. They should always download software from official and/or reputable sites.
Given WORM_CRILOCK's ability to spread via removable drives, users should also exercise caution when using flash drives and the like. Users should -never- connect their drives into unfamiliar or unknown machines..."

- http://www.welivesec...ion-or-copycat/
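The quoted write-up makes a detection point worth seeing in practice: C&C hosts hardcoded into a sample can be blocked by a plain list, while DGA-generated domains have to be caught by their shape instead. The script below is an added example, not code from the forum post, from Trend Micro or from ESET; the blocklist entries and the DNS log lines are constructed placeholders (the real WORM_CRILOCK.A indicators are not reproduced), and the entropy and length thresholds are illustrative assumptions, not published values.

```python
"""
Added example: contrast exact-match blocking of hardcoded C&C hosts with a
randomness heuristic for DGA-style domains, run over constructed DNS log
lines. Every domain and threshold here is a constructed placeholder.
"""
import math
import re
from collections import Counter

# Constructed placeholder blocklist standing in for hardcoded C&C hosts.
HARDCODED_CC_BLOCKLIST = {
    "cc-placeholder-one.example",
    "cc-placeholder-two.example",
}

# Constructed DNS log lines: "<timestamp> <client-ip> <queried-name>".
SAMPLE_DNS_LOG = """\
2013-12-26T09:01:02Z 10.0.0.15 www.microsoft.com
2013-12-26T09:01:05Z 10.0.0.15 cc-placeholder-one.example
2013-12-26T09:01:09Z 10.0.0.22 xk3q9vz7lmw2p4r8.example
2013-12-26T09:01:11Z 10.0.0.22 update.adobe.com
2013-12-26T09:01:14Z 10.0.0.22 b7y2tq0fmz9cxw1h.example
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s):
    """Bits of entropy per character of the string s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Crude second-level label extraction: 'xk3q...' from 'xk3q....example'.
    A real deployment would use the public suffix list instead."""
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(qname, entropy_threshold=3.5, min_len=12):
    """Return 'hardcoded-cc', 'dga-suspect' or 'benign' for one queried name.

    Hardcoded C&C is an exact blocklist hit. The DGA heuristic (assumed
    thresholds) flags long labels whose characters look close to uniformly
    random; short brand names such as 'microsoft' fall under min_len.
    """
    if qname in HARDCODED_CC_BLOCKLIST:
        return "hardcoded-cc"
    label = registrable_label(qname)
    if len(label) >= min_len and shannon_entropy(label) >= entropy_threshold:
        return "dga-suspect"
    return "benign"


def scan_log(text):
    """Return (timestamp, client, qname, verdict) for every non-benign line."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        ts, client, qname = m.groups()
        verdict = classify(qname)
        if verdict != "benign":
            hits.append((ts, client, qname, verdict))
    return hits


if __name__ == "__main__":
    for ts, client, qname, verdict in scan_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} {qname} -> {verdict}")
```

The blocklist branch is exact and cheap, which is why the write-up calls hardcoded C&C easier to block; the entropy branch is the kind of heuristic you are pushed toward once a family adopts a DGA, and it needs tuning because CDN and cloud hostnames also produce long high-entropy labels, so treat a `dga-suspect` verdict as a lead to investigate rather than a block decision on its own.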
