From Botnets.fr

Latest revision as of 19:29, 5 August 2015


Ransomware gets professional, targeting Switzerland, Germany and Austria
Botnet Gimemo
Malware Aldi Bot
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2012 / 3718
Editor/Conference Abuse.ch
Link http://www.abuse.ch/?p=3718 (Archive copy)


In March I blogged about a ransomware which has been targeting various countries, locking down the victim's computer due to “Child Porn and Terrorism”.

This week I spotted another ransomware campaign that is targeting Swiss, German, and Austrian internet users. This time the criminals seem to use a different schema to lock down the victim's computer: violation of local copyright law.

Infection vector

The infection vector is a well-known drive-by exploit kit called “Blackhole”. It is sold in underground forums and used by various criminal groups to infect computers “on the fly” by (ab)using one or more security vulnerabilities in the victim's web browser (or a third-party plug-in like Adobe Flash Player, Adobe Reader or Java). In this case a Blackhole exploit kit located at pampa04.com was involved to spread the ransomware:


   editor = {Abuse.ch},
   author = {},
   title = {Ransomware gets professional, targeting Switzerland, Germany and Austria},
   date = {09},
   month = Jun,
   year = {2012},
   howpublished = {\url{http://www.abuse.ch/?p=3718}},