Post reply

News:

--> Devnullius's Choices: A list of default programs to keep your PC running well!

Samker's Computer Forum - SCforum.info »
World TOP Headlines: »
Latest Security News & Alerts »
Post reply ( Re: Trojan.Shadowlock - Warning from Symantec !!! )

Post reply

Name:
Email:
Subject:
Message icon:

[quote author=Samker link=topic=8284.msg21078#msg21078 date=1374392938]
[img]http://4.bp.blogspot.com/-34v6b-DVGNE/UefcYDkdF2I/AAAAAAAAC5M/3deqyQP3ZeU/s1600/win32kryptik.sh_-300x225.jpg[/img]

Symantec has discovered a bizarre ransom Trojan that eschews the usual demand for payment in favor of asking its victims to fill in an online survey to get an unlock code.

Given the name Shadowlock by the security firm, the underlying engineering of the Trojan is much the same as any one of the numerous other examples of ransomware: http://www.symantec.com/connect/blogs/close-encounters-shadowlock-kind

Infected Windows PCs display a dialogue box asking for the unlock code and the hint that they can find it after visiting a website linking to a list of different prize surveys or by downloading unnecessary software such as a media player.

The box won't clear until the survey code has been entered, and can't be closed using the task manager; attempts to delve into matters using the command prompt, PowerShell, Regedit, or MSConfig are also denied as is the ability to bypass it by invoking a restore point.

Entering the code incorrectly three times, or just attempting to close the dialogue, causes the system to shut down. Upon a reboot the same dialogue reappears after 20 seconds, the length of time the users have to try and shut it down using the Task Manager.

Shadowlock can also nix browsers and certain system tools as well as consume free resources and disable the Windows firewall.

[b]Other odd traits[/b]

Symantec was able to decompile the Trojan, which was built using .NET, well enough to discover some of its more eccentric secrets. For example, it also includes an Easter egg, a hidden routine that plays a the five-note theme from the 1976 alien abduction film Close Encounters of the Third Kind.

Other capabilities include being able to reverse mouse buttons and open the CD tray or open Windows utilities.

"It turns out the malware author has a sense of humor," wrote Symantec researcher, Fred Gutierrez in his blog on Shadowlock.

He speculates that the survey tactic might be an experiment to see much response it gets, or perhaps part of a genuine money-making scheme.

"These functions (as well as others) may find themselves being used in a future variant."

(PCW)
[/quote]

Attachments and other options

Return to this topic.
Don't use smileys.

Verification:

Type the letters shown in the picture

Listen to the letters / Request another image

Type the letters shown in the picture:

Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview

Topic Summary

Posted by: Samker

« on: 21. July 2013., 08:48:58 »

Insert Quote

Symantec has discovered a bizarre ransom Trojan that eschews the usual demand for payment in favor of asking its victims to fill in an online survey to get an unlock code.

Given the name Shadowlock by the security firm, the underlying engineering of the Trojan is much the same as any one of the numerous other examples of ransomware: http://www.symantec.com/connect/blogs/close-encounters-shadowlock-kind

Infected Windows PCs display a dialogue box asking for the unlock code and the hint that they can find it after visiting a website linking to a list of different prize surveys or by downloading unnecessary software such as a media player.

The box won't clear until the survey code has been entered, and can't be closed using the task manager; attempts to delve into matters using the command prompt, PowerShell, Regedit, or MSConfig are also denied as is the ability to bypass it by invoking a restore point.

Entering the code incorrectly three times, or just attempting to close the dialogue, causes the system to shut down. Upon a reboot the same dialogue reappears after 20 seconds, the length of time the users have to try and shut it down using the Task Manager.

Shadowlock can also nix browsers and certain system tools as well as consume free resources and disable the Windows firewall.

Other odd traits

Symantec was able to decompile the Trojan, which was built using .NET, well enough to discover some of its more eccentric secrets. For example, it also includes an Easter egg, a hidden routine that plays a the five-note theme from the 1976 alien abduction film Close Encounters of the Third Kind.

Other capabilities include being able to reverse mouse buttons and open the CD tray or open Windows utilities.

"It turns out the malware author has a sense of humor," wrote Symantec researcher, Fred Gutierrez in his blog on Shadowlock.

He speculates that the survey tactic might be an experiment to see much response it gets, or perhaps part of a genuine money-making scheme.

"These functions (as well as others) may find themselves being used in a future variant."

(PCW)

Terms of Use | Privacy Policy | Advertising

SMF | SMF © 2019, Simple Machines
TinyPortal © 2005-2012
XHTML
RSS
WAP2