MalwareDisasters is a division of MalwareIntelligence. In the same test information is captured about the behavior of malicious code, and also offering the necessary countermeasures to mitigate the malicious actions in question.

5.04.2010

New variant of ransomware through porn sites II

A new variant of this malware is In-the-Wild. It spreads through pornographic websites. When the user clicks on any of the images that presents the page to view the video course, an alert box warns about the need to install the Flash Player 10 application and offers the download of executable called flash_player.exe course (f26c45393af03e80a40ea06aafb01c63).

Like the case previously presented in this blog, this is a ransomware that displays a window with pornographic content.

As usual in this type of malicious code in order to eliminate the annoying image, requests to send a text message SMS rate (3381) to a specific phone number (84234321)

In addition, constantly opening a website with pornographic content is also hosted at IP address 77.247.179.176


Countermeasures
Delete the following processes:
  • plugin.exe
  • watcher.exe
Delete the folder hosted on Media C:\Documents and Settings\All Users\Media

Delete the following registry key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Module > c:\documents and settings\all users\media\plugin.exe

Or unlock with the following code: 19282736

Related information
Copyright violation: copyrighted content detected
Dangerous trojans, keyloggers and Spyware detected in you computer!!!
Another very active SMS Ransomware
SMS Ransomware for Windows In-the-Wild
Desktop Hijack by Internet Security 2010. Your System Is Infected!
LockScreen. Your computer is infected by Spyware!!!

0 comentarios:

Post a Comment