Crisis for Windows sneaks onto virtual machines

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Crisis for Windows sneaks onto virtual machines
Crisis-spread.png
Botnet Crisis
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 20 aug2012
Editor/Conference Symantec
Link http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines (Archive copy)
Author Takashi Katsuki
Type

Abstract

Symantec reported new malware for Mac last month that we called OSX.Crisis. Kaspersky then reported that it arrives on the compromised computer through a JAR file by using social engineering techniques.

The JAR file contains two executable files for both Mac and Windows. It checks the compromised computer’s OS and drops the suitable executable file. Both these executable files open a back door on the compromised computer. However, we found two special functions in the Windows version of the threat that Symantec detects as W32.Crisis.

Bibtex

 @misc{Katsuki2012BFR1118,
   editor = {Symantec},
   author = {Takashi Katsuki},
   title = {Crisis for Windows sneaks onto virtual machines},
   date = {20},
   month = Aug,
   year = {2012},
   howpublished = {\url{http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines}},
 }