Fake FBI Ransomware analysis
Fake FBI Ransomware analysis | |
---|---|
Botnet | Reveton |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / |
Editor/Conference | AVG |
Link | http://blogs.avg.com/news-threats/fake-fbi-ransomware-analysis/ (Archive copy) |
Author | Hynek Blinka |
Type |
Abstract
“ In our previous blog post our AVG Web Threats Research group analyzed a Blackhole exploit kit serving the fake FBI Ransomware. Today we will have a look at the ransomware itself.
- Payload
Here is a typical ransom malware payload once it’s active on an infected computer:
- User’s desktop is locked with full-screen information displayed
- Task manager and Registry editor are disabled
- System hot keys are disabled to avoid the Trojan’s termination

This is a screenshot from a system infected by fake FBI Ransomware; the criminals ask for 100 pounds to unlock the infected system ”
Bibtex
@misc{2012BFR1047,
  editor = {AVG},
  author = {Hynek Blinka},
  title = {Fake FBI Ransomware analysis},
  date = {01},
  month = May,
  year = {2012},
  howpublished = {\url{http://blogs.avg.com/news-threats/fake-fbi-ransomware-analysis/}},
}