Η company ασφαλείας F-Secure φαίνεται ότι ανακάλυψε ένα παράξενο δείγμα “κακόβουλου” software originating from network of servers (botnet), which distributes Locky ransomware.
Normally the malware was in a ZIP file format JavaScript. Αν τώρα κάποιος χρήστης κάνει διπλό κλικ πάνω σε αυτό το JavaScript, το script θα κατέβαζε υπό κανονικές συνθήκες το ransomware Lοcky που θα άρχιζε να κρυπτογραφεί άμεσα τα δεδομένα του θύματος.
But this time, F-Secure researcher Päivi discovered that instead of Lócky, JavaScript put something different and completely harmless!
How is the event explained?
It seems that someone has violated Lócky's distribution network and replaced Locky ransomware with a file that is totally harmless.
The file simply shows a warning if someone is going to open it, stating: "Do not open email attachments from unreliable sources."
"You have already opened a malicious file to read this message,
For your own safety, do not open email attachments from unreliable sources. ”