Security researchers have discovered what looks like a copycat version of the Cryptolocker ransom Trojan that drops some of the malware's sophistication in favor of the single innovation of being able to spread via USB drives.
According to security firms Trend Micro and ESET, the recently discovered worm-like Crilock.A variant (which calls itself "Cryptolocker 2.0") poses as an updater for Adobe Photoshop and Microsoft Office on sites frequented by peer-to-peer file-sharers.
The command and control architecture is also new, ditching the domain generation algorithm (DGA) in favor of less sophisticated hardcoded URLs. Both of these odd developments have convinced Trend Micro that Crilock.A is the work of copycats rather than the original Cryptolocker gang.
Targeting file sharers is a strange choice because it while it increases the chance that the malware will be downloaded the potential list of victims is still far smaller than with previous "official" version. A similar point could be made about the abandonment of DGA for hard-coding, which is much easier to block; security firms simply have to reverse engineer the list and the malware becomes useless.
To read this article in full or to leave a comment, please click here
ConversionConversion EmoticonEmoticon