    TrendLabs Security Intelligence Blog

    Archive for October 8th, 2012




    Ransomware continuously evolves and updates its social engineering tactics to trick users into paying money to the cybercriminals.

    The samples we’re seeing today not only leverage the Federal Bureau of Investigation (or any police authority, for that matter) but, on this occasion, also use a non-malicious .MP3 file!

    This audio file repeatedly informs users that their system is blocked because of a violation of federal law that they committed. In addition, users need to pay $200 (USD) to unlock the system. Trend Micro detects the samples as TROJ_RANSOM.CXB and TROJ_RANSOM.AAF.

    When executed, TROJ_RANSOM.AAF displays the following message:

    It drops the file 1.mp3 in the malware's current directory. It also sends information to and receives information from the following malicious websites:

    • {BLOCKED}.{BLOCKED}.156.30
    • {BLOCKED}.{BLOCKED}.229.104
    • {BLOCKED}.{BLOCKED}.44.239
    • {BLOCKED}.{BLOCKED}.165.210
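
The drop behaviour described above can be hunted for in endpoint file-creation telemetry. The following is an added example, not code from Trend Micro or from the original post: it scores constructed events whose field names follow Sysmon Event ID 11 (FileCreate). The scoring weights, the threshold, the list of user-writable directories, and the use of the executable's own folder as a stand-in for the malware's current directory are all assumptions.

```python
from pathlib import PureWindowsPath

# Constructed sample events; field names follow Sysmon Event ID 11 (FileCreate).
EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup_update.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\1.mp3"},
    {"Image": r"C:\Program Files\MediaPlayer\player.exe",
     "TargetFilename": r"C:\Users\alice\Music\album\track01.mp3"},
    {"Image": r"C:\Users\bob\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\bob\Downloads\readme.txt"},
    {"Image": r"C:\Users\bob\Downloads\codec_pack.exe",
     "TargetFilename": r"C:\Users\bob\Downloads\intro.MP3"},
]

# Assumption: locations a user-launched dropper commonly runs from.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\")


def score_event(event):
    """Score one file-creation event; higher means closer to the described drop."""
    image = PureWindowsPath(event["Image"])
    target = PureWindowsPath(event["TargetFilename"])
    if target.suffix.lower() != ".mp3":
        return 0
    score = 0
    # Audio file written beside the executable that created it. Assumption: the
    # image folder approximates the "current directory of the malware".
    # PureWindowsPath comparison is case-insensitive, like the file system.
    if target.parent == image.parent:
        score += 2
    # The creating process itself lives in a user-writable location.
    if any(marker in str(image).lower() for marker in USER_WRITABLE_MARKERS):
        score += 1
    # Exact file name reported in the post.
    if target.name.lower() == "1.mp3":
        score += 1
    return score


def hunt(events, threshold=3):
    """Return (score, image, target) for events at or above the threshold."""
    scored = [(score_event(e), e["Image"], e["TargetFilename"]) for e in events]
    return [row for row in scored if row[0] >= threshold]


if __name__ == "__main__":
    for score, image, target in hunt(EVENTS):
        print(f"score={score} image={image} dropped={target}")
```

A legitimate media player writing into a music library scores zero, while an executable in Temp or Downloads that writes an .mp3 beside itself is flagged even when the file name differs from 1.mp3.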

    This attack comes hard on the heels of information published by senior threat researcher Loucif Kharouni on a ransomware variant known as Police Trojan. This Trojan shows a notification purporting to come from the user’s local police about a certain crime they apparently committed and locks the system until they pay up.

     