Electronic news service of the Ministry of Communications and Information Technologies
Trojan learns to bypass antiviruses using innocent pictures
The new encryption ransomware SyncCrypt uses image files to infect computers: the malware's components are hidden in encrypted form inside a PNG file, which allows it to bypass the majority of antivirus software.
SyncCrypt is distributed through spam emails with attachments in WSF format that are disguised as a court order. If the user opens the file, the JavaScript embedded in it downloads seemingly innocent image files from several different addresses, and the malicious payload is extracted from them.
This does not work without the script, so if you simply open these images through a direct link, the malicious components remain encrypted.
The Trojan consists of three files: sync.exe, readme.html and readme.png.
The WSF file creates a scheduled task named Sync in Windows, which in turn runs sync.exe. It begins scanning the computer for files with certain extensions and encrypts them using AES with a built-in RSA-4096 public key. Encrypted files get the extension .kk.
More than 350 file types used by the most popular programs are subject to encryption, including asp, bat, bmp, cdr, css, doc, docx, gif, html, eml, jpeg, jpg, jar, java, ods, odt, pdf, ppt, pptx, sql, sqlite, xls, xlsx, png, rar, tar, zip, etc.
Most antivirus products cannot identify the SyncCrypt Trojan, which hides its malicious components inside the image file.
22/08/17