Malware – Cryptolocker attack uses fake Australian Electric Bill
May 31st, 2014

Cryptolocker is a highly destructive attack that can permanently encrypt files so they cannot be recovered without paying for a key to unlock them. This new attack, well described in the SANS ISC diary linked below, is realistic enough to trick some users.
https://isc.sans.edu/forums/diary/Fake+Australian+Electric+Bill+Leads+to+Cryptolocker/18185
QUOTE: The e-mail claims to come from “Energy Australia”, an actual Australian utility company, and the link leads to a malicious site with a similar name. The first screen presented to the user asks the user to solve a very simple CAPTCHA. This is likely put in place to hinder automatic analysis of the URL: The “bill” itself is a ZIP file that includes a simple ZIP file that expands to an EXE. Virustotal shows spotty detection. Once downloaded and unzipped, the malware presents itself as a PDF. But then, as soon as the malware is launched, it does reveal its true nature
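
The delivery chain in the quote (a ZIP inside a ZIP that expands to an EXE posing as a PDF) can be caught at a mail or download gateway by judging archive members on their content rather than their name. The following is an added example, not part of the diary or of this post; the function names, limits, and sample file names are assumptions, and the sample archive is constructed in memory.

```python
import io
import zipfile

MAX_DEPTH = 3                  # assumed limit on archive nesting
MAX_BYTES = 50 * 1024 * 1024   # assumed per-member size cap (zip-bomb guard)
DOC_HINTS = (".pdf", ".doc", ".xls")  # assumed document-looking name fragments

def find_executables(data, prefix="", depth=0):
    """Return (member path, reason) pairs for suspicious ZIP members, following nested ZIPs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with zf:
        for info in zf.infolist():
            name = prefix + info.filename
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                findings.append((name, "encrypted member, not inspected"))
            elif info.file_size > MAX_BYTES:
                findings.append((name, "member larger than size cap"))
            else:
                body = zf.read(info)
                if body[:2] == b"MZ":  # DOS/PE header: decide on content, not extension
                    looks_like_doc = any(h in info.filename.lower() for h in DOC_HINTS)
                    findings.append((name, "Windows executable with document-like name"
                                     if looks_like_doc else "Windows executable"))
                elif body[:4] == b"PK\x03\x04":  # nested ZIP
                    if depth + 1 >= MAX_DEPTH:
                        findings.append((name, "archive nesting too deep"))
                    else:
                        findings += find_executables(body, name + "!/", depth + 1)
    return findings

def build_sample():
    """Constructed sample: ZIP -> ZIP -> 64-byte stub that only carries the MZ magic."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("bill_0531.pdf.exe", b"MZ" + b"\x00" * 62)
        z.writestr("readme.txt", b"constructed sample")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("bill.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, reason in find_executables(build_sample()):
        print(path, "->", reason)
```

Because the check keys on the `MZ` header, it does not depend on antivirus signatures, which the quote notes were spotty for this sample.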