New ransomware stealing digital wallets

A new barrage of ransomware, capable of siphoning off digital wallets from Windows users, has been detected, according to a blog post from Heimdal Security.

The first wave of malware includes Pony, which steals usernames and passwords and sends the data to attacker-run C&C servers. Once armed with this data, the miscreants gain access to servers and CMS systems, which they use to disseminate the malicious script broadly.

Next, victims’ web sessions are hijacked so that they are redirected to a variety of domains onto which the notorious, off-the-shelf exploit kit Angler is dropped. The kit – able to integrate zero-day vulnerabilities and a number of other exploits – then scans for flaws in Windows and other software that is not up to date. When it finds an entryway, Angler takes advantage of it to force-feed CryptoWall 4.0 into victims’ systems.

The assault reportedly originated in Ukraine and first infected computers in Denmark, but has since spread beyond Europe.

Angler is particularly nasty as it can evade detection by traditional AV products.


SOURCE: Greg Masters | scmagazine.com
