Difference between revisions of "Fake FBI Ransomware analysis"
m (1 revision imported) |
m (Text replacement - " blogs.avg.com" to "") |
||
Line 5: | Line 5: | ||
|Licence= | |Licence= | ||
|Video= | |Video= | ||
|Link=http://blogs.avg.com/news-threats/fake-fbi-ransomware-analysis/ | |Link=http://blogs.avg.com/news-threats/fake-fbi-ransomware-analysis/ | ||
|Author=Hynek Blinka, | |Author=Hynek Blinka, | ||
|NomRevue=AVG Official Blogs | |NomRevue=AVG Official Blogs |
Latest revision as of 22:12, 5 August 2015
Fake FBI Ransomware analysis | |
---|---|
Botnet | Reveton |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / |
Editor/Conference | AVG |
Link | http://blogs.avg.com/news-threats/fake-fbi-ransomware-analysis/ (Archive copy) |
Author | Hynek Blinka |
Type |
Abstract
“ In our previous blog post our AVG Web Threats Research group analyzed a Blackhole exploit kit serving the fake FBI Ransomware. Today we will have a look at the ransomware itself.
Payload
Here is a typical ransom malware payload once it’s active on an infected computer:
- User’s desktop is locked with full-screen information displayed
- Task manager and Registry editor are disabled
- System hot keys are disabled to avoid the Trojan’s termination
This is a screenshot from a system infected by fake FBI Ransomware; the criminals ask for 100 pounds to unlock the infected system ”
Bibtex
@misc{2012BFR1047,
  editor = {AVG},
  author = {Hynek Blinka},
  title = {Fake FBI Ransomware analysis},
  date = {02},
  month = May,
  year = {2012},
  howpublished = {\url{http://blogs.avg.com/news-threats/fake-fbi-ransomware-analysis/}},
}