Analysis of the malware, detected as WORM_CRILOCK.A, shows that this malware can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants.
Aside from its propagation technique, the new malware bears numerous differences from known CryptoLocker variants. Rather than relying on a downloader malware—often UPATRE— to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office in peer-to-peer (P2P) file sharing sites. Uploading the malware in P2P sites allows bad guys to easily infect systems without the need to create (and send) spammed messages.
Worryingly, CryptoLocker ransomware turns from a Trojan… into a worm
As if CryptoLocker wasn’t causing enough problems by infecting and locking thousands of innocent users’ Windows computers, security researchers have discovered a new variant of the ransomware that takes its propagation to a new level.
As Trend Micro describes, new versions of CryptoLocker have been seen that have wriggled out of its Trojan horse form, and adopted the skin of a USB-spreading worm instead.
Up until this, CryptoLocker couldn’t travel under its own steam. You would encounter it by opening an email attachment or clicking on a link perhaps claiming to come from your bank or a delivery company.
Crytolocker learned to replicate itself
In the category of Ransomware Malware, a nasty piece of malware called CRYPTOLOCKER is on the top, that threatened most of the people around the world, effectively destroying important files of the victims. Cryptolocker, which strongly encrypts victims’ hard drives until a ransom is paid, is now again back in action to haunt your digital life with an extra feature.
Until now, CryptoLocker has been spread via spam email, with victims tempted to download an attachment or click on a link to a malicious website, but now it can spread itself as a worm through removable USB drives.
January 6, 2014 Categories: