Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Zeus/Citadel variant causing issues in the Netherlands - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Zeus/Citadel variant causing issues in the Netherlands

According to some new sources (thanks Alexander) a trojan is doing the rounds in the Netherlands at the moment causing major issues within organisations.

The web sites http://webwereld.nl/nieuws/111424/nieuwe-trojan-grijpt-wild-om-zich-heen-in-nederland.html and http://nos.nl/artikel/404668-computervirus-treft-ook-venlo.html (both in Dutch) report that a trojan is affecting a number of organisations.  According to the article the trojan affects already Zeus infected machines.  Fox-it has an analysis here http://blog.fox-it.com/2012/08/09/xdoccryptdorifel-document-encrypting-and-network-spreading-virus/ and some of the original information can be found here http://www.damnthoseproblems.com/?lang=en

According to the analysis the malware encrypts files which will be a problem for those without proper backups. 

If you have samples feel free to upload them to our contact form (ziped up with a password of infected please).

Mark

 

Mark

391 Posts
ISC Handler
- http://www.damnthoseproblems.com/?p=599&lang=en
Latest reference 09-08-2012 Update 18:05...

.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!