By Tony Larks, Vice President, Global Consumer Marketing, Trend Micro
This week, three of the most notorious malware families have been spotted working together on a global scale in one single attack. The three variants identified by TrendLabs, the heart of Trend Micro’s threat research, are dressed up as popular files, hidden in email messages sent to unsuspecting users, and in disguised malicious downloads.
The first culprit, data-kidnapper QUERVAR, is a new variant hiding in Microsoft Excel and Word files. Once it has infected a computer, QUERVAR renames files with a .SCR extension and starts downloading ransomware onto the victim’s computer. Ransomware is typically designed to encrypt victims’ data, which could range from family photos to sensitive files, and demand payment for the decryption. Whole computer systems and the data on these systems are then held hostage against the user’s will.
The second member of the trio is another piece of ransomware (TROJ_RANSOM.CMY), which tricks users in the US into thinking they have received a legitimate FBI warning that enforces copyright laws. Once installed, it locks the computer and prevents users from accessing it. The disguised malware also tells users that they are under surveillance by displaying their IP address.
The final part of the malware team is a rootkit (SIREFEF/ZACCESS), a piece of software through which criminals gain access to victims’ computers to conceal changes to files and processes that may be taking place without the user’s knowledge. This particular type also disables any Windows security-related services that may be installed on the computer.
While these three present a lethal combination, Trend Micro customers are protected from these attacks via the Smart Protection Network™ through its file reputation and web reputation services.
Tony Larks works for Trend Micro and is guest blogging for the Fearless Web. The opinions expressed here are his own.