New CryptoLocker variant spreads using USB devices
CryptoLocker is highly destructive: once data is encrypted, the system can usually be recovered only from backups (or by paying the bad guys for the keys to decrypt the data). This new variant improves the malware's ability to spread from system to system.
QUOTE: We recently came across a CryptoLocker variant that had one notable feature—it has propagation routines. Analysis of the malware, detected as WORM_CRILOCK.A, shows that this malware can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants. Aside from its propagation technique, the new malware bears numerous differences from known CryptoLocker variants. Rather than relying on a downloader malware—often UPATRE—to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office in peer-to-peer (P2P) file sharing sites. Uploading the malware in P2P sites allows bad guys to easily infect systems without the need to create (and send) spammed messages.