A new resume-themed malicious email campaign spotted by security researchers aims at delivering version 3.0 of CryptoWall ransomware, recording success against some antivirus solutions.
Distributing crypto-malware this way is not uncommon, but cybercriminals make constant efforts to evade detection.
Ransomware delivered after several redirects
For this campaign, the threat actor sends the message making it look like it is a reply to a previous email sent by the victim. Attached to it is a ZIP archive containing an HTML document.
The file redirects to a compromised WordPress website containing an iFrame with a redirect to a Google Drive cloud storage account serving a malware downloader, which poses as a PDF but is in fact an executable file (SCR) associated with screensavers.
The infection chain is pretty intricate for a campaign of this kind and relies on multiple layers of obfuscation that are likely to fool multiple antivirus solutions.
Nick Biasini from Cisco’s TALOS security intelligence and research group analyzed the infection chain and said that a large number of the recipients were tricked and attempted to download the malware downloader from the compromised WordPress website.
Read more: http://news.softpedia.com/news/Email-Delivers-Resume-and-CryptoWall-3-0-483481.shtml
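A mail-gateway triage sketch for the chain described above, added here as an example and not taken from the article or from Cisco's analysis: it lists redirect targets in HTML files inside a ZIP attachment and checks whether a download presented as a PDF is really an executable. The function names, regex patterns, and the `example.test` host are assumptions, and the sample ZIP is constructed.

```python
import io
import re
import zipfile

# Redirect mechanisms an HTML lure can use (assumed patterns, not exhaustive).
REDIRECT_PATTERNS = [
    re.compile(r'<meta[^>]+http-equiv=["\']?refresh[^>]+url=([^"\'>\s]+)', re.I),
    re.compile(r'<iframe[^>]+src=["\']?([^"\'>\s]+)', re.I),
    re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)', re.I),
]

def html_redirects(zip_bytes):
    """Return {member_name: [redirect targets]} for HTML files inside a ZIP attachment."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith((".html", ".htm")):
                continue
            text = zf.read(name).decode("utf-8", errors="replace")
            targets = [m for p in REDIRECT_PATTERNS for m in p.findall(text)]
            if targets:
                found[name] = targets
    return found

def masquerade_reason(filename, head):
    """Explain why a download presented as a PDF is not one, or return None."""
    lower = filename.lower()
    if lower.endswith((".scr", ".exe", ".pif", ".com")):
        return "executable extension"
    if head[:2] == b"MZ":
        return "PE header (MZ) instead of %PDF"
    if lower.endswith(".pdf") and not head.startswith(b"%PDF"):
        return "missing %PDF magic"
    return None

def build_sample_zip():
    """Constructed sample: a ZIP with one HTML lure redirecting to a placeholder host."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.html",
                    '<html><meta http-equiv="refresh" '
                    'content="0; url=http://wp.example.test/resume"></html>')
    return buf.getvalue()

if __name__ == "__main__":
    print(html_redirects(build_sample_zip()))
    print(masquerade_reason("resume.pdf.scr", b"MZ\x90\x00"))
```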