Malicious SVG Files Used for Ransomware Delivery

Status
Not open for further replies.

Jack

Jan 24, 2011
A recently discovered malicious email campaign revealed a less common method to deliver malware by using SVG files (images with support for interactive and animation features) to hide links for downloading crypto-malware.

Researchers that caught a sample email and analyzed the behavior of the nasty SVG say that the payload appears to be CryptoWall, judging by some indicators associated with this malware family.

The ransom message displayed to the victim after data encryption completes also points to this particular threat. The demand is $700 / €635.

Malware host available in SVG's JavaScript code
The email contains the typical lure of someone claiming to send their resume. The text is brief and points the recipient to the malicious attachment. Infecting the computer requires user interaction.

SVG (Scalable Vector Graphics) files have support for JavaScript, which the attackers took advantage of to include the links to the location hosting the ransomware with file encryption capabilities.

Researchers at AppRiver analyzed the downloaded file and discovered that it contained hard-coded SQL commands, pointing to a potential school’s database. The experts had halted attacks with this malware before, which targeted schools, Jonathan French said in a blog post.

Read more: http://news.softpedia.com/news/Malicious-SVG-Files-Used-to-for-Ransomware-Delivery-482055.shtml
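
A mail-gateway style check for the behaviour described above, as an added example that is not part of the original post or the AppRiver analysis: it flags SVG attachments that carry script, event handlers or `javascript:` links and pulls out any URLs for review. The function names, the reason labels and the sample SVGs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)
LINK_ATTRS = {"href", "src"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> dict:
    """Return findings that make an SVG attachment worth quarantining."""
    findings = {"reasons": [], "urls": []}
    # Refuse DTDs/entities up front: an image has no need for them, and the
    # stdlib parser is not hardened against entity-expansion tricks.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        findings["reasons"].append("dtd-or-entity")
        return findings
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        findings["reasons"].append("malformed-xml")
        return findings
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings["reasons"].append("script-element")
            findings["urls"] += URL_RE.findall(el.text or "")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings["reasons"].append(f"event-handler:{name}")
                findings["urls"] += URL_RE.findall(value)
            elif name in LINK_ATTRS and value.strip().lower().startswith("javascript:"):
                findings["reasons"].append(f"javascript-uri:{tag}")
            elif name in LINK_ATTRS and tag == "script":
                findings["reasons"].append("external-script")
                findings["urls"].append(value)
    return findings

# Constructed samples (not taken from the campaign); example.test is a placeholder.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="go()">'
            b'<script>function go(){window.location="http://example.test/a";}</script>'
            b'</svg>')

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("scripted", SCRIPTED)):
        print(name, scan_svg(sample))
```

Any non-empty `reasons` list is grounds to hold the attachment, since a static image sent by email has no legitimate need for script.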
 