Ransomware gets professional, targeting Switzerland, Germany and Austria

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Ransomware gets professional, targeting Switzerland, Germany and Austria
Ransomware gets professional targeting Switzerland Germany and Austria.png
Botnet Gimemo
Malware Aldi Bot
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 3718
Editor/Conference Abuse.ch
Link http://www.abuse.ch/?p=3718 (Archive copy)
Author
Type

Abstract

In March I blogged about a ransomware which has been targeting various countries, locking down the victims computer due to “Child Porn and Terrorism”.

This week I spotted another ransomware campaign that is targeting Swiss, German, and Austrian internet users. This time the criminals seems to use a different schema to lock down the victims computer: violation of local copyright law.

      • Infection vector ****

The infection vector is a well known drive-by exploit kit called “Blackhole”. It is sold in underground forum and used by various criminal groups to infected computers “on the fly” by (ab)using one or more security vulnerabilities in the victims web browser (or a third party plug-in like Adobe Flash Player, Adobe Reader or Java). In this case a Blackhole exploit kit located at pampa04.com was involved to spread the ransomware:

Bibtex

 @misc{2012BFR1003,
   editor = {Abuse.ch},
   author = {},
   title = {Ransomware gets professional, targeting Switzerland, Germany and Austria},
   date = {23},
   month = Oct,
   year = {2012},
   howpublished = {\url{http://www.abuse.ch/?p=3718}},
 }