Ransomware gets professional, targeting Switzerland, Germany and Austria
(Publication) Google search: [1]
| Ransomware gets professional, targeting Switzerland, Germany and Austria | |
|---|---|
| |
| Botnet | Gimemo |
| Malware | Aldi Bot |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 3718 |
| Editor/Conference | Abuse.ch |
| Link | http://www.abuse.ch/?p=3718 www.abuse.ch (www.abuse.ch Archive copy) |
| Author | |
| Type | |
Abstract
“ In March I blogged about a ransomware which has been targeting various countries, locking down the victims computer due to “Child Porn and Terrorism”.
This week I spotted another ransomware campaign that is targeting Swiss, German, and Austrian internet users. This time the criminals seems to use a different schema to lock down the victims computer: violation of local copyright law.
- Infection vector ****
The infection vector is a well known drive-by exploit kit called “Blackhole”. It is sold in underground forum and used by various criminal groups to infected computers “on the fly” by (ab)using one or more security vulnerabilities in the victims web browser (or a third party plug-in like Adobe Flash Player, Adobe Reader or Java). In this case a Blackhole exploit kit located at pampa04.com was involved to spread the ransomware:
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1003,
editor = {Abuse.ch},
author = {},
title = {Ransomware gets professional, targeting Switzerland, Germany and Austria},
date = {25},
month = Apr,
year = {2012},
howpublished = {\url{http://www.abuse.ch/?p=3718 www.abuse.ch}},
}