- Joined
- Jul 28, 2007
- Messages
- 3,327
- Reaction score
- 3,055
Security firm Malwarebytes has discovered a new exploit kit, codenamed Neutrino, spreading ransomware by targeting Java with a fake Skype file, V3 has learnt.
Malwarebytes security researchers Jerome Segura and Joshua Cannell reported discovering Neutrino on Monday, warning the exploit kit can bypass all major anti-virus products.
"Ransomware is still going strong and infecting countless PCs. We happened to stumble upon an interesting sample which bypassed detection on all major antivirus products for almost an entire day before slowly being detected," said Cannell.
The exploit kit is designed to target security flaws in Oracle's Java version 7 update 11 platform.
"In plain English, malicious applets can run without any warnings or user interaction. Following exploitation, a malware binary is downloaded by the Java process," explained Cannell.
"This practice is becoming more and more common these days as it makes detection by looking at traffic packets more difficult.
"The file is swiftly decrypted by the Java applet which in turns launches it. Upon execution the binary connects to a remote server and downloads the ransomware interface directly onto the victim's machine."
Ransomware typically locks a user's machine and then demands that the user pays for access to be restored.
Numerous forms of the malware have been spotted in the wild masquerading as messages from legitimate companies and law enforcement agencies.
The Neutrino attack pretends to be a legitimate Skype file to gain access to a user's machine.
"Analysis reveals the ransomware binary to be a skype.dat variant that's commonly seen in the wild. It's called this because the ransomware renames itself to "skype.dat" and is placed in the folder, along with a configuration file called "skype.ini," said Cannell.
"The skype.dat ransomware has nothing to do with the legitimate Skype program that millions of people use for VoIP communication."
The exploit kit's discovery comes amid widespread warnings within the security community that criminal's use of ransomware is growing.
At the end of 2012 security firm Symantec issued a report suggesting ransomware scams are now earning criminals as much as $33,000 a day.
Source: IT news, reviews and analysis for UK IT professionals - V3.co.uk
Malwarebytes security researchers Jerome Segura and Joshua Cannell reported discovering Neutrino on Monday, warning the exploit kit can bypass all major anti-virus products.
"Ransomware is still going strong and infecting countless PCs. We happened to stumble upon an interesting sample which bypassed detection on all major antivirus products for almost an entire day before slowly being detected," said Cannell.
The exploit kit is designed to target security flaws in Oracle's Java version 7 update 11 platform.
"In plain English, malicious applets can run without any warnings or user interaction. Following exploitation, a malware binary is downloaded by the Java process," explained Cannell.
"This practice is becoming more and more common these days as it makes detection by looking at traffic packets more difficult.
"The file is swiftly decrypted by the Java applet which in turns launches it. Upon execution the binary connects to a remote server and downloads the ransomware interface directly onto the victim's machine."
Ransomware typically locks a user's machine and then demands that the user pays for access to be restored.
Numerous forms of the malware have been spotted in the wild masquerading as messages from legitimate companies and law enforcement agencies.
The Neutrino attack pretends to be a legitimate Skype file to gain access to a user's machine.
"Analysis reveals the ransomware binary to be a skype.dat variant that's commonly seen in the wild. It's called this because the ransomware renames itself to "skype.dat" and is placed in the folder, along with a configuration file called "skype.ini," said Cannell.
"The skype.dat ransomware has nothing to do with the legitimate Skype program that millions of people use for VoIP communication."
The exploit kit's discovery comes amid widespread warnings within the security community that criminal's use of ransomware is growing.
At the end of 2012 security firm Symantec issued a report suggesting ransomware scams are now earning criminals as much as $33,000 a day.
Source: IT news, reviews and analysis for UK IT professionals - V3.co.uk
