Shulou(Shulou.com)05/31 Report--

This article mainly introduces what is the new routine of pornographic ransomware virus and information theft trojan in web security. The introduction in the article is very detailed and has certain reference value. Interested friends must read it!

E-mail fraud has become an excellent way for cybercriminals to extract money, and a new type of e-mail scam has recently taken such attacks to a new level. In this campaign, the attacker tricks the target user into installing the Azorult information-stealing Trojan, which in turn downloads and installs GandCrab ransomware on the target host.

In this attack, the target user receives an email claiming that "the computer has been hacked and recorded while you were browsing porn sites." "In addition, these emails will also contain your username and password, which makes them look more authentic, and these user passwords are collected by attackers in previous data breaches.

Next, the scam email asks users to pay bitcoins, otherwise the attacker will send videos of them to friends in the user's address book. Obviously, this is an obvious scam: your computer wasn't hacked, and the attacker didn't record the alleged videos.

ProofPoint's security experts have also recently uncovered a new type of online fraud, this time where attackers don't directly extort bitcoin payments from targeted users through extortion emails, but instead "entice" users to download videos recorded by attackers that record certain "special activities" of users. At this point, the user downloads a zip file containing an executable file that installs malware on the target user's host.

ProofPoint researchers wrote in the report: "We observed a pornographic ransomware campaign involving URLs associated with AZORult, where attackers eventually installed GandCrab ransomware on target devices. "

The file downloaded by the user is named like "Foto_Client89661_01.zip". The complete content of the pornographic blackmail email is as follows:

It roughly means: "Bad news for you, on September 8, 2018, I hacked your computer and took full control of it. Your email address is xxx and your password is xxx. How did I do that? The router you use to surf the Internet has vulnerabilities. I hacked into your router and implanted malicious code, so when you surf the Internet, your computer will be infected with Trojan viruses. I've got all the data on your computer, including website browsing history, address book and all kinds of files. I was just going to ask you for bitcoins to play with, but I noticed you were on porn all day. So, emm... Not only did I take screenshots, but I also recorded videos of you watching porn. In order to prove what I said, you can download it yourself and have a look. The address is also given to you! You don't want me to send this stuff to your friends and family, do you? Then hurry up and pay, I don't ask for much! Hurry up and pay! "

This new scam strategy is even more lethal because the recipient's first reaction is panic, and then they download the video to see if the "other person" is telling the truth. After downloading the file, they open the compressed file, but at this point they find themselves instantly infected with two different types of malware.

The first malware infected was AZORult, which collected information from the target host, such as login accounts, cookies, chat logs, and other files. Next, it installs GandCrab ransomware and encrypts the data stored on the user's computer.

Then the problem is even more serious at this time, because you were just scared by fraudulent emails, but now you have to face real trouble.

So we have to remind you again and again not to trust any email sent to you by strangers. Before opening these emails or downloading attachments, go online and see if anyone else has experienced something similar to you, so you can better protect yourself.

The above is "what is the new routine of porn ransomware and information theft trojans in web security" all the contents of this article, thank you for reading! Hope to share the content to help everyone, more relevant knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.