The first polymorphic Ransomware was released

A new step in των ransomware τεκμηριώθηκε από ερευνητές που ανακάλυψαν ένα δείγμα του κακόβουλου λογισμικού που κρυπτογραφεί τα at αποθήκευσης και δημιουργεί μοναδικούς κλώνους του εαυτού του λόγω των πολυμορφικών χαρακτηριστικών του.2-C_scr_0

The new threat has been named VirRansom and VirLock by researchers from Sophos and ESET, respectively. This crypto-malware, unlike any of its kind, allows the files to be decrypted, but this will not stop blocking the victim's computer screen. In this way he causes the victim to pay.1-WinXP-2014-11-21-21-42-07

Just the Ransomware τρέξει στον υπολογιστή του θύματος ενσωματώνεται σε ένα φορητό εκτελέσιμο Portable Executable (PE) και πρόσθετει την επέκταση .

It is noteworthy that malware scrambles the files it affects, but also decrypts it when it is executed.

From the moment that run the infected file, the virus automatically starts spreading in the system. ESET researchers report that on two occasions it landed on “%userprofile%” and “%AllUsersProfile%”.

According to the researchers' analysis, VirLock can infect documents (DOC, XLS, PDF, PPT), images (PNG, GIF, BMP, PSD, JPG), audio files (MP3), MPG compressed files (RAR, ZIP).Ransomware

It looks like at the moment there are at least six variants of the malware running on the Internet.

If VirLock / Ransom malware does not encrypt victim files as the other crypto-malware does, it locks the computer screen to achieve its target.

When the computer is in state , malicious deactivates explorer.exe, prevents the opening of Task Manager and other procedures that could help bypass it, according to ESET.

The message about the ransom threatens classically with legal consequences, for some alleged copyright violations, and asks for 216 in bitcoins.

ESET has developed one self-cleaning cleaner for this particular threat, while Sophos also provides one free tool designed for the same reason.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).