Tuesday 21 January 2014

PowerLocker Takes Ransomware to a New Level

Net bandits have been flocking to ransomware because it is proving an easy way to make a quick buck. You infect someone's computer, encrypt all their files, and demand a ransom to decrypt them. It is becoming more popular because of new capabilities in the malware itself: detecting virtual machines and altering its behavior accordingly, detecting analysis sandboxes, and taking payment in Bitcoin, which is hard to trace back to the recipient.


Up to now, the malware program CryptoLocker has been king of the ransomware roost, but PowerLocker (formerly PrisonLocker) may present a new challenge, and it ships with countermeasures aimed squarely at the people who analyze malware.
Among those countermeasures is the ability to determine whether it is running on a virtual machine and, if so, to alter its behavior. Researchers routinely detonate questionable programs on virtual systems to avoid infecting a real, networked box, so a sample that stays quiet under virtualization is much harder to analyze.
PowerLocker also has sandbox detection. Software sandboxes isolate an application's behavior and contain any nastiness it may carry; a sample that recognizes the sandbox can simply refuse to show its true behavior.
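The post does not say which checks PowerLocker performs. As an added example, written for this page and not taken from PowerLocker or from the original post, the script below shows the kind of artifacts VM- and sandbox-aware malware typically inspects, packaged as a self-check an analyst can run on an analysis host to see what it leaks. The indicator tables are built from publicly documented hypervisor fingerprints (vendor MAC OUIs, DMI/SMBIOS strings, guest-tools process names); the resource thresholds and the sample guest profile are assumptions.

```python
"""Sandbox self-check: the host artifacts that VM- and sandbox-aware ransomware inspects.

Added example, not PowerLocker's own code. The indicator tables come from publicly
documented hypervisor fingerprints; the resource thresholds are assumptions.
"""
import os
import re

# OUI prefixes assigned to hypervisor vendors (compared against lowercase, colon-separated MACs).
VM_MAC_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "52:54:00": "QEMU/KVM", "00:15:5d": "Hyper-V", "00:16:3e": "Xen",
}
# Substrings seen in the DMI/SMBIOS vendor and product strings that guests expose.
DMI_MARKERS = {
    "vmware": "VMware", "virtualbox": "VirtualBox", "innotek": "VirtualBox", "qemu": "QEMU",
    "bochs": "QEMU/Bochs", "xen": "Xen", "parallels": "Parallels", "virtual machine": "Hyper-V",
}
# Guest-tools and sandbox agents, without the .exe suffix so Windows and Linux names compare alike.
TELLTALE_PROCESSES = {
    "vboxservice", "vboxtray", "vmtoolsd", "vmwaretray", "vmwareuser",
    "sbiesvc", "sbiectrl", "prl_tools", "qemu-ga", "xenservice",
}


def classify(dmi_strings, cpu_flags, macs, processes, ram_gb, cpu_cores):
    """Return (category, detail) findings; an empty list means nothing obvious gives the VM away."""
    findings = []
    for s in dmi_strings:
        for marker, product in DMI_MARKERS.items():
            if marker in s.lower():
                findings.append(("dmi", f"{s!r} matches {product}"))
    # CPUID.1:ECX[31] is the hypervisor-present bit; Linux exposes it as the 'hypervisor' flag.
    if "hypervisor" in {f.lower() for f in cpu_flags}:
        findings.append(("cpuid", "hypervisor-present bit set"))
    for mac in macs:
        oui = mac.lower().replace("-", ":")[:8]
        if oui in VM_MAC_OUIS:
            findings.append(("mac", f"{mac} carries the {VM_MAC_OUIS[oui]} OUI {oui}"))
    for p in processes:
        name = p.lower()
        name = name[:-4] if name.endswith(".exe") else name
        if name in TELLTALE_PROCESSES:
            findings.append(("process", f"{p} is a guest-tools or sandbox agent"))
    # Analysis VMs are often provisioned far below a real workstation (assumed thresholds).
    if ram_gb < 2:
        findings.append(("resources", f"only {ram_gb:g} GB of RAM"))
    if cpu_cores < 2:
        findings.append(("resources", f"only {cpu_cores} CPU core(s)"))
    return findings


def collect_linux():
    """Best-effort collection on a Linux analysis host; every source is optional."""
    def read(path):
        try:
            with open(path) as fh:
                return fh.read().strip()
        except OSError:
            return ""
    dmi = [read(f"/sys/class/dmi/id/{n}") for n in ("sys_vendor", "product_name", "bios_vendor")]
    flags = re.search(r"^flags\s*:\s*(.*)$", read("/proc/cpuinfo"), re.M)
    ifaces = os.listdir("/sys/class/net") if os.path.isdir("/sys/class/net") else []
    pids = [p for p in os.listdir("/proc") if p.isdigit()] if os.path.isdir("/proc") else []
    mem = re.search(r"MemTotal:\s*(\d+)", read("/proc/meminfo"))
    return dict(
        dmi_strings=[d for d in dmi if d],
        cpu_flags=set(flags.group(1).split()) if flags else set(),
        macs=[read(f"/sys/class/net/{i}/address") for i in ifaces],
        processes=[read(f"/proc/{pid}/comm") for pid in pids],
        ram_gb=int(mem.group(1)) / 1048576 if mem else 0,
        cpu_cores=os.cpu_count() or 1,
    )


# Constructed guest profile: what a stock VMware analysis VM tends to look like.
SAMPLE_GUEST = dict(
    dmi_strings=["VMware, Inc.", "VMware Virtual Platform"], cpu_flags={"fpu", "hypervisor"},
    macs=["00:0C:29:AB:CD:EF"], processes=["explorer.exe", "vmtoolsd.exe"], ram_gb=1, cpu_cores=1,
)

if __name__ == "__main__":
    for label, profile in (("sample guest", SAMPLE_GUEST), ("this host", collect_linux())):
        print(f"== {label}")
        for category, detail in classify(**profile):
            print(f"[{category}] {detail}")
```

Every finding the script prints is something to mask before detonating a VM-aware sample: change the MAC to a non-hypervisor OUI, patch the DMI strings, rename or stop guest-tools processes, and give the VM the memory and cores of a real workstation. The hypervisor-present CPUID bit is the hardest to hide and usually needs hypervisor-side support.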

  • Bitcoin Connection

One way to thwart ransomware is to maintain a good backup regimen, so that if one data set gets involuntarily encrypted, a backup set can be used to restore it. PowerLocker's authors appear to have thought of that angle, too.
It can scan removable devices, looking for backups or other secondary copies so it can encrypt those as well. Any backup that stays plugged into the infected machine is therefore within its reach; only copies that are offline, or otherwise not writable by the infected user, are safe.
Ransomware has been around for some time, but its recent rise in popularity may be linked to better means of collecting the unjust rewards.
What makes ransomware more attractive now is the perceived anonymity with which payments can be made and received.
One such channel is the digital currency Bitcoin, which "allows people to get money anonymously".

  • Yahoo Serves Up Malads

Poisoning advertising on Web pages is a common tactic used by online miscreants to spread malware. The practice was scaled up a bit last week when a Yahoo ad server began distributing malicious ads.
The technique used in the Yahoo ads has been described as "cross-site scripting", but the mechanism is simpler: a Web page element called an "iframe", sized or styled so that it is invisible to users, silently loaded content from a malicious website from inside the ad.
No user interaction was needed for the exploit to run. Simply visiting a page that served the poisoned ad could have resulted in infection.
The criminal enterprises behind today's malware want to infect as many systems as possible, he added. The more systems they can infect, the greater their profit will be. So I believe that they will use this iframe attack type again in the future, because it has proven to work.
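As an added example that is not part of the original post and is not Yahoo's or any ad network's code, the scanner below flags the pattern described above: an iframe in ad creative markup that is hidden from the viewer and points at a host outside the ad network. It is the check an ad-quality pipeline would run on a creative before serving it. The sample creative, the hostnames and the allowlist convention are constructed for illustration; `scan_creative` and `hidden_reasons` are this example's own names, not any real ad server's API.

```python
"""Flag hidden, off-network iframes in ad creative markup: the malvertising pattern described above.

Added example, not Yahoo's or any ad network's code. The allowlist convention and the
sample creative are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a fragment of HTML."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _px(value):
    """Parse '0', '1px' or ' -9999px ' into an int; None for anything else (percentages, 'auto')."""
    m = re.fullmatch(r"\s*(-?\d+)(px)?\s*", value or "")
    return int(m.group(1)) if m else None


def hidden_reasons(attrs):
    """Why a frame would be invisible to the viewer: display none, hidden, 1x1 or smaller, or off-screen."""
    decls = {}
    for decl in attrs.get("style", "").lower().split(";"):
        if ":" in decl:
            prop, val = decl.split(":", 1)
            decls[prop.strip()] = val.strip()
    reasons = []
    if decls.get("display") == "none":
        reasons.append("display:none")
    if decls.get("visibility") == "hidden":
        reasons.append("visibility:hidden")
    # CSS width/height win over the HTML attributes when both are present.
    width = _px(decls.get("width", attrs.get("width")))
    height = _px(decls.get("height", attrs.get("height")))
    if width is not None and height is not None and width <= 1 and height <= 1:
        reasons.append(f"{width}x{height} frame")
    for side in ("left", "top"):
        offset = _px(decls.get(side))
        if offset is not None and offset <= -1000:  # assumed threshold for "pushed off-screen"
            reasons.append(f"{side}:{offset}px off-screen")
    return reasons


def _allowed(host, allowed_hosts):
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def scan_creative(html, allowed_hosts):
    """Return the iframes that are both hidden and pointed outside the allowed ad-network hosts."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()  # relative src has no host and is left alone
        reasons = hidden_reasons(attrs)
        if reasons and host and not _allowed(host, allowed_hosts):
            findings.append({"src": src, "host": host, "reasons": reasons})
    return findings


# Constructed creative: one legitimate banner, one hidden measurement frame on the
# network's own CDN, and two hidden frames that pull content from outside hosts.
SAMPLE_CREATIVE = """
<div class="ad">
  <a href="https://ads.example-adserver.test/click?id=42">
    <img src="https://cdn.example-adserver.test/banner.png" width="300" height="250"></a>
  <iframe src="https://cdn.example-adserver.test/measure.html" width="1" height="1" style="display:none"></iframe>
  <iframe src="http://landing.evil-host.test/index.php?id=7" width="0" height="0" style="visibility:hidden"></iframe>
  <iframe src="http://other.evil-host.test/page" style="position:absolute;left:-9999px;width:1px;height:1px"></iframe>
</div>
"""
AD_NETWORK_HOSTS = {"example-adserver.test"}  # constructed allowlist of the network's own hosts

if __name__ == "__main__":
    for finding in scan_creative(SAMPLE_CREATIVE, AD_NETWORK_HOSTS):
        print(f"{finding['host']}: {', '.join(finding['reasons'])} -> {finding['src']}")
```

The hidden measurement pixel on the network's own CDN is deliberately not flagged: hidden frames are normal in advertising, and it is the combination of hidden plus off-network that makes the pattern suspicious. This is a static check only; a creative that builds the iframe from script at render time, or uses `srcdoc` instead of `src`, needs a rendered-page check on top of it.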
