- Aug 17, 2014
- 11,112
Two malware families, NemucodAES and Kovter, are being packaged together in .zip attachments and delivered via active spam campaigns. Researcher Brad Duncan said, “together these two pieces of malware could deliver a nasty punch.”
Duncan, a handler at the SANS Institute Internet Storm Center, said that during the past two weeks he has noticed a significant increase in malicious spam delivering .zip archives with JavaScript files designed to download and install NemucodAES ransomware and Kovter click-fraud malware on a victim’s Windows PC.
NemucodAES is a variant of the Nemucod Trojan downloader, best known for being used in a wave of 2016 campaigns distributing Locky and TeslaCrypt ransomware. “By March 2016, we started seeing reports of ‘Nemucod ransomware’ that stopped downloading ransomware binaries in favor of using its own script-based ransomware component,” Duncan wrote in a SANS Institute Internet Storm Center posted Friday.
That variant is now being called NemucodAES. Since being identified, a decryptor exists to neutralize the ransomware threat.
Kovter click-fraud is malware known for being tricky to detect and hard to remove because of its fileless design after infection, according to Microsoft. Not only can it perpetrate click-fraud, but can also steal personal information, download additional malware, or give a hacker access to your PC.
Read More: NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns
Duncan, a handler at the SANS Institute Internet Storm Center, said that during the past two weeks he has noticed a significant increase in malicious spam delivering .zip archives with JavaScript files designed to download and install NemucodAES ransomware and Kovter click-fraud malware on a victim’s Windows PC.
NemucodAES is a variant of the Nemucod Trojan downloader, best known for being used in a wave of 2016 campaigns distributing Locky and TeslaCrypt ransomware. “By March 2016, we started seeing reports of ‘Nemucod ransomware’ that stopped downloading ransomware binaries in favor of using its own script-based ransomware component,” Duncan wrote in a SANS Institute Internet Storm Center posted Friday.
That variant is now being called NemucodAES. Since being identified, a decryptor exists to neutralize the ransomware threat.
Kovter click-fraud is malware known for being tricky to detect and hard to remove because of its fileless design after infection, according to Microsoft. Not only can it perpetrate click-fraud, but can also steal personal information, download additional malware, or give a hacker access to your PC.
Read More: NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns
