A fresh wave of infected emails is swirling around the globe, carrying a nasty ransomware payload.
ESET is warning of an increased number of infected emails containing a malicious attachment, which downloads and installs ransomware onto an infected device. ESET telemetry detects this malicious downloader as JS/TrojanDownloader.Nemucod and records its unusually high incidence in Europe, North America (especially Canada), Australia and Japan.
Japan is the hardest hit with a 75% prevalence level.
The widespread infected emails contain attached zipped files that contain a JavaScript file that, when opened, downloads and installs Nemucod to the victim PC.
“Emails are written in a very trustworthy way, claiming to be invoices, notices of appearance in court or other official documents,” researchers noted in a blog. “Attackers are just trying to get users to open the malicious attachment.”
The end payload in this case is a crypto-bug, such as TeslaCrypt and Locky: When opened, it encrypts victims’ files on their PCs and requires a ransom for decryption. Both TeslaCrypt and Locky use encryption standards similar to those used by financial institutions when securing online payments.
"Ransomware is one of the most active trends in cyber-criminal world, as it has a direct and profitable commercialization model—in some cases, without any significant costs, as most victims have a pretty insecure IT environment," InfoArmor CTO Andrew Komarov told Infosecurity.
Full Article. Nasty Trojan Spreads Global Ransomware via Email