Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC InfoSec Handlers Diary Blog



Cryptowall, again!

Published: 2015-03-06
Last Updated: 2015-03-06 11:23:32 UTC
by Basil Alawi S.Taher (Version: 1)

A new variant of Cryptowall (an advanced version of CryptoLocker) is now using a malicious .chm file attachment to infect systems.

According to net-security.org, Bitdefender Labs has found a spam wave that spreads malicious .chm attachments.

CHM is the compiled version of HTML. It supports technologies such as JavaScript, which can redirect a user to an external link.

“Once the content of the .chm archive is accessed, the malicious code downloads from this location http:// *********/putty.exe, saves itself as %temp%\natmasla2.exe and executes the malware. A command prompt window opens during the process.”

 ======================================

1-https://isc.sans.edu/diary/Traffic+Patterns+For+CryptoWall+3.0/19203

2-https://isc.sans.edu/forums/diary/Pay+attention+to+Cryptowall/18243/

3-http://www.net-security.org/malware_news.php?id=2981&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
