Beware of Ransomware

After reading a blog post by fellow Microsoft MVP “Donna’s SecurityFlash” I thought I’d do a little follow-up …


“The ransomware was included in adware “Uccplay.” Victims are led into thinking the adware is a multimedia player, but when they install it, the program copies all video files stored on the computer to a hidden folder and removes the original files. Victims have no choice but to open the ransomware to access their video files, which then opens up a “certification” box that actually links to mobile phone payment.”


What I found was a lot more than “adware” from Uccplay … which is a “Google.Warning” site …



Just visiting this site is hazardous! … as you can see it immediately attempts to install an ActiveX control, which is blocked by Windows Vista. However that’s not all it tries to do …



Look at all the “.cab” files this site tries to load! … Yikes! … I downloaded the “down.iedoumi(dot)com” cab file and scanned it at VirusTotal [results here] which is mainly detected as: Trojan-Downloader.Win32.Delf.bpn
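As an added example (my own, not code from the original post), a small Python script that pulls every ActiveX `<object>` codebase pointing at a “.cab” file out of a saved copy of such a page and groups them by host, so a page like this one can be triaged offline before anything is fetched; the sample HTML and the “.invalid” host names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class CabRefExtractor(HTMLParser):
    """Collect <object codebase=...> and <param value=...> references to .cab files."""

    def __init__(self):
        super().__init__()
        self.refs = []  # list of (classid or "param", raw url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lower-cases tag and attribute names
        if tag == "object" and a.get("codebase"):
            self.refs.append((a.get("classid", ""), a["codebase"]))
        elif tag == "param" and a.get("value", "").split("#")[0].lower().endswith(".cab"):
            self.refs.append(("param", a["value"]))


def find_cab_loads(html):
    """Return every ActiveX codebase / param reference found in the page."""
    p = CabRefExtractor()
    p.feed(html)
    return p.refs


def hosts_serving_cabs(html):
    """Group .cab URLs by the host that serves them (relative paths go under '(relative)')."""
    hosts = {}
    for _, url in find_cab_loads(html):
        path = url.split("#")[0]  # drop the ActiveX "#version=1,0,0,0" suffix
        if path.lower().endswith(".cab"):
            host = urlparse(path).hostname or "(relative)"
            hosts.setdefault(host, []).append(path)
    return hosts


# Constructed sample page: four <object> tags, three hosts, one relative path.
SAMPLE = """<html><body>
<object classid="clsid:00000000-0000-0000-0000-000000000001"
        codebase="http://down.cab-host-a.invalid/player.cab#version=1,0,0,1"></object>
<object classid="clsid:00000000-0000-0000-0000-000000000002"
        codebase="http://ads.cab-host-b.invalid/msa.cab#version=2,0,0,0"></object>
<object classid="clsid:00000000-0000-0000-0000-000000000003"
        codebase="http://ads.cab-host-b.invalid/update.cab"></object>
<object classid="clsid:00000000-0000-0000-0000-000000000004"
        codebase="/local/clean.cab"></object>
</body></html>"""

if __name__ == "__main__":
    for host, cabs in hosts_serving_cabs(SAMPLE).items():
        print(f"{host}: {len(cabs)} cab file(s) -> {cabs}")
```

Each host the script lists is a separate download source to submit to VirusTotal or block at the proxy, which is what the screenshots above show by hand.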


FYI: “down.iedoumi(dot)com” is also a Google.Warning site … gee I wonder why … while the files from “microadsystem” are detected as: TR/Dldr.FakeAV.F.1 [results here]


Then “comclean.co(dot)kr” = Spyware.Comclean … although the “.cab” file is only detected as suspicious at VirusTotal.
Seems a little ironic that the same page that tries to infect you also tries to load an (unknown) antivirus program too …


