Crisis for Windows sneaks onto virtual machines

From Botnets.fr

Botnet Crisis
Date 2012 / 20 Aug 2012
Editor/Conference Symantec
Link http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines (Archive copy)
Author Takashi Katsuki

Abstract

Symantec reported new malware for Mac last month that we called OSX.Crisis. Kaspersky then reported that it arrives on the compromised computer through a JAR file by using social engineering techniques.

The JAR file contains two executable files for both Mac and Windows. It checks the compromised computer’s OS and drops the suitable executable file. Both these executable files open a back door on the compromised computer. However, we found two special functions in the Windows version of the threat that Symantec detects as W32.Crisis.

Bibtex

 @misc{2012BFR1118,
   editor = {Symantec},
   author = {Takashi Katsuki},
   title = {Crisis for Windows sneaks onto virtual machines},
   date = {20},
   month = Aug,
   year = {2012},
   howpublished = {\url{http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines}},
 }