Win32/Virlock: First Self-Reproducing Ransomware is also a Shape Shifter
Revision as of 23:40, 22 December 2014 by Eric.freyssinet (talk | contribs) (Created page with "{{Publication |Botnet=Virlock, |Year=2014 |Date=2014-12-22 |Editor=ESET Welivesecurity |Link=http://www.welivesecurity.com/2014/12/22/win32virlock-first-self-reproducing-ranso...")
(Publication) Google search: [1]
Win32/Virlock: First Self-Reproducing Ransomware is also a Shape Shifter | |
---|---|
Botnet | Virlock |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2014 / 2014-12-22 |
Editor/Conference | ESET Welivesecurity |
Link | http://www.welivesecurity.com/2014/12/22/win32virlock-first-self-reproducing-ransomware-also-shape-shifter/ (Archive copy) |
Author | Robert Lipovsky |
Type | Blogpost |
Abstract
“ Win32/VirLock is ransomware that locks victims’ screens but also acts as parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such combination of malware features has been observed.
NOTE: Victims can restore their VirLock-infected files using our standalone cleaner, available for download at http://download.eset.com/special/ESETVirlockCleaner.exe
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2014BFR379, editor = {ESET Welivesecurity}, author = {Robert Lipovsky}, title = {Win32/Virlock: First Self-Reproducing Ransomware is also a Shape Shifter}, date = {22}, month = Dec, year = {2014}, howpublished = {\url{http://www.welivesecurity.com/2014/12/22/win32virlock-first-self-reproducing-ransomware-also-shape-shifter/}}, }