A new variant of CryptoWall (an advanced version of CryptoLocker) is now using a malicious .chm file attachment to infect systems.
According to net-security.org, Bitdefender Labs has found a spam wave that spreads malicious .chm attachments.
CHM is the compiled version of HTML and supports technologies such as JavaScript, which can redirect a user to an external link.
“Once the content of the .chm archive is accessed, the malicious code downloads from this location http:// *********/putty.exe, saves itself as %temp%\natmasla2.exe and executes the malware. A command prompt window opens during the process.”
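A mail-gateway style check for the delivery vector described above, as an added example that is not from the original post or from Bitdefender. It flags CHM attachments by extension or by the `ITSF` file signature and also looks one level into ZIP attachments, which goes beyond the case the post describes; the sample message and file names are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a compiled HTML Help file

def is_chm(name, data):
    """True when the name ends in .chm or the content starts with the CHM signature."""
    return name.lower().endswith(".chm") or data[:4] == CHM_MAGIC

def find_chm(raw_message):
    """Return the names of CHM attachments in a raw RFC 5322 message,
    looking one level into ZIP attachments as well."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""  # None for nested messages
        if is_chm(name, data):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    try:
                        with zf.open(info) as member:
                            head = member.read(4)
                    except RuntimeError:  # encrypted member: judge by name only
                        head = b""
                    if is_chm(info.filename, head):
                        hits.append(f"{name}!{info.filename}")
    return hits

def build_sample(filename, payload):
    """Constructed test message with one attachment (not a real sample)."""
    m = EmailMessage()
    m["Subject"] = "Incoming fax report"  # constructed subject line
    m.set_content("See attachment.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    # A CHM renamed to .pdf is still caught by its signature.
    print(find_chm(build_sample("invoice.pdf", CHM_MAGIC + b"\x03\x00\x00\x00")))
```
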
======================================
1-https://isc.sans.edu/diary/Traffic+Patterns+For+CryptoWall+3.0/19203
2-https://isc.sans.edu/forums/diary/Pay+attention+to+Cryptowall/18243/
3-http://www.net-security.org/malware_news.php?id=2981&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29