Updated Malware Using Tor

Wednesday, October 8, 2014 @ 04:10 PM gHale


All software goes through version updates and malware is no different.

CryptoWall now has a new version that uses the Tor anonymity network to establish a connection with its command and control server.

Although researchers had been finding samples of the crypto-malware using Tor for quite a while, those samples still operated under the 1.0 version. The Tor component was not part of the crypto-malware itself, but was downloaded as an encrypted binary from compromised websites.

However, that has now changed: a sample showed the malware using the ransom message to inform the owner of a compromised computer that their data has been locked with CryptoWall 2.0.

Security experts believe the modified version 1.0 of the malware was nothing but a way to test the new capabilities of the threat before deploying it to unsuspecting users.

According to Malware-Traffic-Analysis.net, the new release of the crypto-malware is distributed through fake emails that purport to come from the IRS and claim to be a reply to a complaint sent by the potential victim.


