Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC Internet Storm Center


Latest Diaries

Cryptowall, again!

Published: 2015-03-06
Last Updated: 2015-03-06 11:23:32 UTC
by Basil Alawi S.Taher (Version: 1)

A new variant of Cryptowall (an advanced version of CryptoLocker) is now using a malicious .chm file attachment to infect systems.

According to Bitdefender Labs, a spam wave is spreading malicious .chm attachments.

CHM is the compiled version of HTML and supports technologies such as JavaScript, which can redirect a user to an external link.

“Once the content of the .chm archive is accessed, the malicious code downloads from this location http:// *********/putty.exe, saves itself as %temp%\natmasla2.exe and executes the malware. A command prompt window opens during the process.”
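Because delivery depends on a .chm attachment reaching the user, a mail filter can flag such attachments before they are opened. The following is an added example, not code from this diary or from Bitdefender: it checks each MIME part by filename and by the `ITSF` signature that begins a compiled HTML Help file, so a renamed CHM is still caught. The function names, sample message and placeholder payloads are constructed for illustration.

```python
# Added example: flag CHM attachments in an e-mail by name and by file signature.
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # first four bytes of a compiled HTML Help file


def find_chm_attachments(raw_message: bytes):
    """Return (filename, reason) for every MIME part that looks like a CHM."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so strip them before comparing.
        by_name = name.lower().rstrip(". ").endswith(".chm")
        by_magic = payload.startswith(CHM_MAGIC)
        if by_name and by_magic:
            findings.append((name, "chm extension and ITSF signature"))
        elif by_magic:
            findings.append((name, "ITSF signature under another name"))
        elif by_name:
            findings.append((name, "chm extension, content is not CHM"))
    return findings


def build_sample(attachments):
    """Constructed test message; payloads are placeholders, not real CHM files."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample message"
    msg.set_content("Please see the attached report.")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


SAMPLE = build_sample([
    ("report.CHM", CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 16),
    ("invoice.pdf", CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 16),
    ("notes.txt", b"plain text, nothing to flag\n"),
])

if __name__ == "__main__":
    for name, reason in find_chm_attachments(SAMPLE):
        print(f"{name}: {reason}")
```

The check covers direct attachments only; a CHM inside an archive would need the archive unpacked first.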




