MalwareDisasters is a division of MalwareIntelligence. It captures information about the behavior of malicious code and offers the countermeasures needed to mitigate the malicious actions in question.

4.25.2010

Copyright violation: copyrighted content detected

New ransomware In-the-Wild that, under the pretext of being issued by an alleged entity that protects copyrights, tries to obtain money through a deception strategy that seeks to "negotiate" with the victim the payment of a fine.

When its payload executes, the operating system crashes and shows a window like the one below, which "warns" of an alleged copyright violation because copyrighted material was detected on the computer.

The information presented on the screen can be displayed in ten languages: English, Czech, Danish, Dutch, French, German, Italian, Portuguese, Slovak and Spanish. This feature shows the attackers' professional approach, because every translation is well done, which is achieved by outsourcing the translation work.

On occasion the wallpaper is set to the following image:


Furthermore, to ensure a good level of credibility, the strategy leans on the legal aspect, citing the Copyright Law of the European Union, and displays information about the headquarters of the agency that handles this type of conflict, depending on the victim's country.


For geo-location information, the malware establishes a connection with IP address 91.209.238.2, located in Moldova, Republic of (Eugenia E. Groza), which reports the IP address, and then does a whois lookup to establish the victim's country of origin.

> 91.209.238.2/m5tools/ip.php
> 91.209.238.2/m5tools/whois.php
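
The two requests above can be hunted for in web proxy logs. The following is an added example, not code from the original post: it flags clients that contacted the geo-location scripts. The log layout, the sample lines and the five-minute correlation window are assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicators taken from the post: host and the two geo-location scripts.
GEO_HOST = "91.209.238.2"
STAGES = ("/m5tools/ip.php", "/m5tools/whois.php")
WINDOW = timedelta(minutes=5)  # assumed correlation window, not from the post

# Constructed sample proxy log: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2010-04-25T10:15:02 10.0.0.23 GET http://91.209.238.2/m5tools/ip.php 200
2010-04-25T10:15:03 10.0.0.23 GET http://91.209.238.2/m5tools/whois.php 200
2010-04-25T10:16:40 10.0.0.41 GET http://example.com/m5tools/ip.php 200
2010-04-25T10:20:11 10.0.0.57 GET http://91.209.238.2/M5tools/IP.php?x=1 200
2010-04-25T11:45:00 10.0.0.57 GET http://91.209.238.2/m5tools/whois.php 200
malformed line
"""

def parse(line):
    """Return (time, client, stage_index) for a hit on the scripts, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    url = urlsplit(parts[3])
    path = url.path.lower()  # match the path regardless of letter case
    if url.hostname != GEO_HOST or path not in STAGES:
        return None
    return when, parts[1], STAGES.index(path)

def classify_clients(log_text):
    """'confirmed' = ip.php followed by whois.php inside WINDOW;
    'suspect' = any other contact with the geo-location scripts."""
    last_ip_lookup, verdict = {}, {}
    for hit in filter(None, map(parse, log_text.splitlines())):
        when, client, stage = hit
        verdict.setdefault(client, "suspect")
        if stage == 0:
            last_ip_lookup[client] = when
        elif client in last_ip_lookup and timedelta(0) <= when - last_ip_lookup[client] <= WINDOW:
            verdict[client] = "confirmed"
    return verdict

if __name__ == "__main__":
    for client, level in sorted(classify_clients(SAMPLE_LOG).items()):
        print(client, level)
```

Clients marked "confirmed" are the ones to check first for the `iqmanager.exe` process and the IQmanager folder named in the countermeasures.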


Countermeasures
Press Ctrl + Alt + Del to bring up Task Manager.
End the process "iqmanager.exe".
Delete the folder IQmanager that is located in C:\Documents and Settings\Administrator\Application Data.
Delete the Desktop icon.

Enter the code below: RFHM2-TPX47-YD6RT-H4KDM


Related information
New variant of ransomware through porn sites
Dangerous trojans, keyloggers and Spyware detected in you computer!!!
Another very active SMS Ransomware
SMS Ransomware for Windows In-the-Wild
Desktop Hijack by Internet Security 2010. Your System Is Infected!
LockScreen. Your computer is infected by Spyware!!!
