Malware Updates, Reloads

Wednesday, October 3, 2012 @ 10:10 AM gHale

A new variant of the Quervar malware has surfaced. It uses the same infection routines as previous versions, but its structure is different.

Quervar was widespread this past August, but in the first half of September, security researchers at Trend Micro noticed that it was starting to fade away.

However, attackers launched a new Quervar campaign that comes with interesting payloads: ZeroAccess Trojans and ransomware.

Identified as PE_QUERVAR.E-O, the threat connects to various domains in an attempt to download pieces of malware such as TROJ_RANSOM.CMY, HTML_RANSOM.CMY, and TROJ_SIREFEF.SZP (a ZeroAccess variant), Trend Micro researchers said.

The ransomware is designed to lock computers and demand ransoms in the name of the FBI.

TROJ_SIREFEF.SZP, on the other hand, is rootkit malware that hides its presence by patching the services.exe file and by disabling all of the operating system’s security-related services, the researchers said.