Difference between revisions of "Crisis for Windows sneaks onto virtual machines"
m (1 revision imported) |
m (Text replacement - " www.symantec.com" to "") |
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Image=Crisis-spread.png | |Image=Crisis-spread.png | ||
|Link=http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines | |Link=http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines | ||
|Author=Takashi Katsuki | |Author=Takashi Katsuki | ||
|NomRevue=Security Response | |NomRevue=Security Response | ||
|Date=20 | |Date=20 aug2012 | ||
|Editor=Symantec | |Editor=Symantec | ||
|Year=2012 | |Year=2012 |
Latest revision as of 21:51, 5 August 2015
Crisis for Windows sneaks onto virtual machines | |
---|---|
Botnet | Crisis |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 20 aug2012 |
Editor/Conference | Symantec |
Link | http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines (Archive copy) |
Author | Takashi Katsuki |
Type |
Abstract
“Symantec reported new malware for Mac last month that we called OSX.Crisis. Kaspersky then reported that it arrives on the compromised computer through a JAR file by using social engineering techniques.
The JAR file contains two executable files for both Mac and Windows. It checks the compromised computer’s OS and drops the suitable executable file. Both these executable files open a back door on the compromised computer. However, we found two special functions in the Windows version of the threat that Symantec detects as W32.Crisis.”
Bibtex
@misc{2012BFR1118,
  editor = {Symantec},
  author = {Takashi Katsuki},
  title = {Crisis for Windows sneaks onto virtual machines},
  date = {20},
  month = Aug,
  year = {2012},
  howpublished = {\url{http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines}},
}