SANS ISC Internet Storm Center
Cryptowall ,again!

Published: 2015-03-06
Last Updated: 2015-03-06 11:23:32 UTC
by Basil Alawi S.Taher (Version: 1)
A new variant of Cryptowall (an advanced version of Cryptolocker) is now using malicious .chm file attachments to infect systems.

According to net-security.org, Bitdefender Labs has found a spam wave that spreads malicious .chm attachments.

CHM is the compiled HTML Help format; it supports technologies such as JavaScript, which can redirect a user to an external link.

“Once the content of the .chm archive is accessed, the malicious code downloads from this location http:// *********/putty.exe, saves itself as %temp%\natmasla2.exe and executes the malware. A command prompt window opens during the process.”
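Defensive detection logic for the chain described above, written as an added example (it is not code from the diary or from Bitdefender): it flags process-creation events in which hh.exe, the Windows HTML Help viewer that opens .chm files, launches an executable from a Temp directory or a command prompt. The sample events are constructed, and the field names (parent, image) are assumptions rather than a specific EDR schema.

```python
"""Flag process-creation events consistent with a malicious .chm payload.
Sample events below are constructed; the field names are assumptions."""

HH_EXE = "hh.exe"      # Windows HTML Help viewer, the program that opens .chm files
SHELLS = {"cmd.exe"}   # the diary notes a command prompt window opening

def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def in_temp_dir(path: str) -> bool:
    """True if any directory component of the path is a 'Temp' folder (%temp%)."""
    parts = path.lower().split("\\")
    return "temp" in parts[:-1]

def classify(event: dict) -> list[str]:
    """Reasons an event is suspicious; empty if it is not a child of hh.exe
    or does not match the infection chain described in the diary."""
    reasons = []
    if basename(event["parent"]) != HH_EXE:
        return reasons
    if in_temp_dir(event["image"]):
        reasons.append("hh.exe launched an executable from a Temp directory")
    if basename(event["image"]) in SHELLS:
        reasons.append("hh.exe launched a command shell")
    return reasons

def scan(events: list[dict]) -> list[tuple[str, list[str]]]:
    """(image, reasons) for every suspicious event, in input order."""
    return [(e["image"], classify(e)) for e in events if classify(e)]

# Constructed sample telemetry: a benign help-viewer event, an unrelated
# shell launch, and two events matching the .chm infection chain.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\hh.exe", "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\cmd.exe"},
    {"parent": r"C:\Windows\hh.exe", "image": r"C:\Users\bob\AppData\Local\Temp\natmasla2.exe"},
    {"parent": r"C:\Windows\hh.exe", "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

Legitimate help files rarely spawn child processes at all, so the parent check alone keeps the false-positive rate low; the Temp and shell conditions narrow it to the behaviour the diary describes.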

 ======================================

1-https://isc.sans.edu/diary/Traffic+Patterns+For+CryptoWall+3.0/19203

2-https://isc.sans.edu/forums/diary/Pay+attention+to+Cryptowall/18243/

3-http://www.net-security.org/malware_news.php?id=2981&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
