Cryptowall Rebounds through Malware-Tainted Attachments
BitDefender reports that a fresh spam campaign is targeting numerous inboxes with malware-tainted attachments labeled as .Chm files in order to distribute the notorious ransomware Cryptowall version 3.0.
The company’s investigators show how hackers have used a not too “fashionable”, though extremely successful, tactic to automatically run a malicious program on the end-user’s computer and lock all the files stored on it.
A bogus incoming-fax report e-mail claims to come from a device within the end-user’s environment. According to BitDefender, this ruse has been used to target organizations’ employees so that company networks could be infiltrated.
As soon as the victim accessed the compressed .Chm file’s content, a malicious script downloaded content from one particular location, saved it as a temp file, and ran the malware. In the meantime, a window issuing instructions popped up.
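For mail administrators, one way to catch this kind of attachment at the gateway is to flag compiled HTML Help content by its "ITSF" header signature as well as by extension, including inside ZIP archives. The sketch below is an added example, not code from BitDefender's report; the function names, the depth limit and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # header signature of compiled HTML Help (.chm) files
MAX_DEPTH = 2        # assumed limit on nested ZIP inspection


def find_chm(name, data, depth=0):
    """Return names of CHM payloads in `data`, matched by content or extension."""
    if data[:4] == CHM_MAGIC or name.lower().endswith(".chm"):
        return [name]
    hits = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir() and not info.flag_bits & 0x1:  # skip dirs, encrypted
                    hits += find_chm(f"{name}!{info.filename}", zf.read(info), depth + 1)
    return hits


def scan_message(raw):
    """Scan every attachment of a raw RFC 5322 message for CHM content."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        hits += find_chm(part.get_filename() or "(unnamed)", data)
    return hits


def build_sample():
    """Constructed sample: a fake fax-report mail carrying harmless CHM stubs."""
    stub = CHM_MAGIC + b"\x00" * 16  # signature plus padding, no real content
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_report.chm", stub)
    msg = EmailMessage()
    msg["Subject"] = "Incoming Fax Report"
    msg.set_content("You have received a new fax.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="fax.zip")
    msg.add_attachment(stub, maintype="application",
                       subtype="pdf", filename="scan.pdf")  # CHM under a PDF name
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Messages that return a non-empty list can be quarantined or have the attachment stripped, since .chm files are rarely a legitimate e-mail attachment.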
Bogdan Botezatu, Senior Threat Analyst with BitDefender, states that the attackers use 2 separate malware installers, one of which is more prevalent than the other, softpedia.com reported on March 9, 2015.
BitDefender recorded the most recent interception on 9th March 2015, suggesting that the spam campaign is continuing. The original e-mail wave occurred on 18th February 2015 and attacked about 200 end-users, reports BitDefender.
Moreover, the servers through which the spam mails are sent seem to be located in Australia, Vietnam, India, Romania, Spain and the USA. An analysis of the domain names of the spam recipients shows that the attackers are targeting people across the globe, including in Australia, Europe, Sweden, Denmark, Holland, Slovakia and the USA.