Date:22/08/17
New encryption ransomware SyncCrypt uses graphics files to infect computers; components of malware encrypted hidden inside a PNG file that allows you to bypass the majority of antivirus software.
SyncCrypt distributed with spam in emails with attachments in the format of the WSF, which are issued for a court order. If the user opens a file, embedded in it JavaScript downloads from a few different addresses the seemingly innocent image files, which is extracted from malicious filling.
Without script it’s not working, so if you just try to access these images for a direct link, the malicious components remain encrypted.
Components of the Trojan are three of the file – sync.exe, readme.html and readme.png.
WSF file in Windows creates a deferred task Sync, which, consequently, runs the file sync.exe. He begins to scan the computer for files with a certain extension, and encrypt them using AES with a built-in public key RSA-4096. Encrypted files get the extension .kk.
Encrypted files are exposed to more than 350 types used most popularname programs, including asp, bat, bmp, cdr, css, doc, docx, gif, html, eml, jpeg, jpg, jar, java, ods, odt, pdf, ppt, pptx, sql, sqlite, xls, xlsx, png, rar, tar, zip, etc.
Most anti-viruses can’t identify Trojan SyncCrypt hiding malicious components inside the graphic file.
Trojan learns to bypass antiviruses using innocent pictures
New encryption ransomware SyncCrypt uses graphics files to infect computers; components of malware encrypted hidden inside a PNG file that allows you to bypass the majority of antivirus software.SyncCrypt distributed with spam in emails with attachments in the format of the WSF, which are issued for a court order. If the user opens a file, embedded in it JavaScript downloads from a few different addresses the seemingly innocent image files, which is extracted from malicious filling.
Without script it’s not working, so if you just try to access these images for a direct link, the malicious components remain encrypted.
Components of the Trojan are three of the file – sync.exe, readme.html and readme.png.
WSF file in Windows creates a deferred task Sync, which, consequently, runs the file sync.exe. He begins to scan the computer for files with a certain extension, and encrypt them using AES with a built-in public key RSA-4096. Encrypted files get the extension .kk.
Encrypted files are exposed to more than 350 types used most popularname programs, including asp, bat, bmp, cdr, css, doc, docx, gif, html, eml, jpeg, jpg, jar, java, ods, odt, pdf, ppt, pptx, sql, sqlite, xls, xlsx, png, rar, tar, zip, etc.
Most anti-viruses can’t identify Trojan SyncCrypt hiding malicious components inside the graphic file.
Views: 401
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
