Trend Micro warns that New Variant of CryptoLocker Spreads via Removable Drives
Security firm Trend Micro cautions that cybercriminals have created a variant of the infamous CryptoLocker ransomware, dubbed CRILOCK-A, that uses worm-like characteristics to spread across removable or detachable drives.
The latest edition can spread more easily than previous forms of CryptoLocker. It is notable because it arrives under various disguises, Trend Micro highlights.
The malware was analyzed and identified as WORM_CRILOCK.A, which shows that it can spread via removable or detachable drives. This update is considered important because this routine was never seen in other variants of CRILOCK. The added propagation feature means that the malicious software can spread easily, unlike other CRILOCK variants.
The latest malware differs from popular CryptoLocker variants in many ways besides its propagation technique. Instead of relying on a downloader - mostly UPATRE - to infect computers, this malware pretends to be an activator for software such as 'Adobe Photoshop' and 'Microsoft Office' on peer-to-peer (P2P) file sharing websites. Uploading the malware to P2P websites allows hackers to easily infect computers without creating or sending spam messages.
Further analysis of WORM_CRILOCK highlights a stark difference from previous editions: the malware has no DGA (domain generation algorithm). Instead, its C&C (command-and-control) servers are hard-coded into the malware, and hard-coding the links makes it simpler to identify and block the related malicious URLs. A DGA, in contrast, may allow scammers to evade identification because it employs a huge number of potential domains. The lack of a DGA means the malware is still in the course of being polished and improved upon. Therefore, we anticipate later editions to have the DGA ability.
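The point about hard-coded C&C servers can be shown from the defender's side. This is an added example, not code from Trend Micro or the original article; the domains, the log format and the function names are all constructed placeholders. It matches DNS queries against a fixed blocklist and shows that a name absent from the list, as a DGA would produce, goes unflagged.

```python
# Added example: static blocklist matching over DNS query logs.
# Every domain and log line here is a constructed placeholder, not a real indicator.

# Stand-ins for C&C hosts recovered from a sample's hard-coded configuration.
HARDCODED_C2 = {"c2-one.example", "c2-two.example"}

# Constructed log in a hypothetical "timestamp client query type name" format.
SAMPLE_DNS_LOG = """\
2014-01-09T10:00:01 10.0.0.5 query A www.example.org
2014-01-09T10:00:02 10.0.0.7 query A C2-One.Example.
2014-01-09T10:00:03 10.0.0.7 query A update.c2-two.example
2014-01-09T10:00:04 10.0.0.9 query A notc2-one.example
2014-01-09T10:00:05 10.0.0.9 query A xkqjvbtrwpla.example
"""

def normalize(name):
    """Lower-case and strip the trailing root dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")

def is_blocked(name, blocklist):
    """True if name equals a blocklisted domain or is a subdomain of one."""
    labels = normalize(name).split(".")
    # Compare whole label suffixes so 'notc2-one.example' does not match
    # 'c2-one.example' through a naive string suffix test.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan(log_text, blocklist):
    """Return (client_ip, queried_name) for each query that hits the blocklist."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "query":
            continue  # skip malformed or non-query lines
        client, qname = fields[1], fields[4]
        if is_blocked(qname, blocklist):
            hits.append((client, normalize(qname)))
    return hits

if __name__ == "__main__":
    # The last log line stands for a domain that is not on the list, as a
    # DGA-generated name would be: the static blocklist never flags it.
    for client, qname in scan(SAMPLE_DNS_LOG, HARDCODED_C2):
        print(f"block/alert: {client} -> {qname}")
```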
Regardless of its author, who may be different from the author of previous CRILOCK variants, WORM_CRILOCK.A could become the new preferred method of attack by criminals.
Users must not use P2P websites to get copies of software, and they must always download software only from legitimate and/or reputable sites. Since WORM_CRILOCK has the ability to spread via removable or detachable drives, internet users must also exercise caution when using flash drives and the like. Trend Micro also advises users not to connect their removable drives to machines that are unfamiliar or unknown.
» SPAMfighter News - 09-01-2014