For HomeFor BusinessFor Partners
Archive
2 min read

Weekly Review

Bogdan Botezatu

November 28, 2008

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Weekly Review

 

Trojan.Exploit.ANOP

Normal
0

21

false
false
false

DE
X-NONE
X-NONE

MicrosoftInternetExplorer4

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:”Times New Roman”,”serif”;}

This is
another campaign that uses several exploits in an attempt to drive-by-download
other malware on vulnerable systems, similar to Trojan.Exploit.SSX. This time, Trojan.Delf.POH is the
payload. Trojan.Delf.POH monitors your browsing habits and sends the
information back to its servers to produce targeted pop-up advertisements.

The
exploits used in this JavaScript are:

  1. iframes which lead to different versions of
    the Flash Player exploit
  2. exploit for SSReader consisting in a buffer overflow vulnerability in the
    LoadPage” function
    of an ActiveX control

Both
exploits give the attacker the possibility to download and execute arbitrary
code on the affected machine (Trojan.Delf.POH)

 

Trojan.Rensom.B

This
e-threat is probably received via spam email as an attachement under the name
skype.exe. After execution, the file drops and runs three files and
displays an error message to make the user believe the file was invalid.

The dropped
files are:

%windows%lsass.exe
(detected: Trojan.Rensom.B)

%windows%services.exe
(detected: Trojan.VB.NXI )

%windows%uninstlv16.exe
(detected: Trojan.Rensom.B )

services.exe
and uninstlv16.exe spread the original malware infection to all available
removable disks. It copies the malware with the name “Skype.exe” and
creates an “autorun.inf” in order for the file to be executed when the
removable disk is plugged into another computer.

lsass.exe
will encrypt almost all the files on your hard drive (except the critical
system files). Meanwhile it will display a ransom note, asking the user to pay
a small fee in order to recover his files.

 

Information
in this article is available courtesy of BitDefender virus researchers: Daniel
Chipiristeanu, Adrian Stefan Popescu

tags

Archive

Author

Right now Top posts

Torrents with Pirated TV Shows Used to Push Lumma Stealer Malware
Threats The Safe Nomad

Torrents with Pirated TV Shows Used to Push Lumma Stealer Malware

November 14, 2024

4 min read
How Scammers Stole $20 Million by Hacking Emails of Real Estate Agents – Here’s Why Small Firms Must Take Cybersecurity Seriously
Industry News Very Small Business Scam

How Scammers Stole $20 Million by Hacking Emails of Real Estate Agents – Here’s Why Small Firms Must Take Cybersecurity Seriously

November 11, 2024

3 min read
Is Your Digital Footprint Placing You in Scammers’ Crosshairs?
Scam

Is Your Digital Footprint Placing You in Scammers’ Crosshairs?

October 17, 2024

4 min read
What Key Cyberthreats Do Small Businesses Face?
Tips and Tricks How to Very Small Business

What Key Cyberthreats Do Small Businesses Face?

September 06, 2024

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

How to keep your Android device immune to malicious vaccine themed apps
Archive

How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine
Archive Industry News

Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands
Archive

Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read

Bookmarks

loader