
NEW VARIANT OF ALPHA RANSOMWARE (appends .encrypt to encrypted files)

msc hotline sat
Thursday, May 5, 2016

Starting with ELISTARA 34.49 we detect and handle this new variant of ransomware from the ALPHA family, whose appearance on the Internet we reported a few days ago.

It contains the following text:



__________



Greetings,

We'd like to apologize for the inconveniences, however, your computer has been locked. In order to unlock it, you have to complete the following steps:



1. Buy iTunes Gift Cards for a total amount of $400.00

2. Send the gift codes to the indicated e-mail address

3. Receive a code and a file that will unlock your computer.



Please note:,

- The nominal amount of the particular gift card doesn't matter, yet the total amount have to be as listed above.

- You can buy the iTunes Gift Cards online or in any shop. The codes must be correct, otherwise, you won't receive anything.

- After receiving the code and the security file, your computer will be unlocked and will never be locked again.



Sorry for the inconveniences caused.



Due to a bug in the code, the email addresses are not listed, but can be extracted from the malware.





criptote@hmamail.com

referas@hmamail.com

terder@hmamail.com

utera@hmamail.com




________________





and it sets this image as the desktop wallpaper:

[Wallpaper image: http://i.imgur.com/RNvnVPcg.jpg]

And it encrypts files with the following extensions:



.3ds, .3fr, .3pr, .ab4, .ac2, .accdb, .accde, .accdr, .accdt, .acr, .adb, .agd1, .ai, .ait, .al, .apj, .arw, .asm, .asp, .aspx, .awg, .backup, .backupdb, .bak, .bat, .bdb, .bgt, .bik, .bkp, .blend, .bmp, .bpw, .c, .c, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfp, .cgm, .cib, .class, .cls, .cmd, .cmt, .cpi, .cpp, .cr2, .craw, .crt, .crw, .cs, .csh, .csl, .css, .csv, .dac, .db, .db3, .dbf, .db-journal, .dc2, .dcr, .dcs, .ddd, .ddoc, .ddrw, .der, .design, .dgc, .djvu, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .drf, .drw, .dwg, .dxb, .erbsql, .erf, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fpx, .fxg, .gif, .gray, .grey, .gry, .h, .h, .hbk, .hpp, .html, .ibank, .ibd, .ibz, .idx, .iiq, .incpas, .jar, .java, .jpeg, .jpg, .js, .kc2, .kdbx, .kdc, .kpdx, .lua, .mdb, .mdc, .mef, .mfw, .mmw, .moneywell, .mos, .mpg, .mrw, .myd, .ndd, .nef, .nop, .nrw, .ns2, .ns3, .ns4, .nsd, .nsf, .nsg, .nsh, .nwb, .nx1, .nx2, .nyf, .odb, .odf, .odg, .odm, .odp, .ods, .odt, .orf, .otg, .oth, .otp, .ots, .ott, .p12, .p7b, .p7c, .pat, .pcd, .pdf, .pef, .pem, .pfx, .php, .pl, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps, .psafe3, .psd, .ptx, .py, .ra2, .raf, .raw, .rdb, .rtf, .rw2, .rwl, .rwz, .s3db, .sas7bdat, .sav, .sd0, .sd1, .sda, .sdf, .sldm, .sldx, .sln, .sql, .sqlite, .sqlite3, .sqlitedb, .sr2, .srf, .srw, .st4, .st5, .st6, .st7, .st8, .stc, .std, .sti, .stw, .stx, .svg, .sxc, .sxd, .sxg, .sxi, .sxm, .sxw, .txt, .vb, .vbs, .wb2, .x3f, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .ycbcra





It arrives in an e-mail with an attached .js that drops a second .js, which in turn installs the executable that infects the machine and encrypts files with the extensions listed above.



Remember that a decryption utility for this ransomware is available from BleepingComputer:

http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-accepts-itunes-gift-cards-as-payment/





The VirusTotal pre-analysis gives the following report:



MD5 8922ddba556f280791c0a7fbe92abf52

SHA1 ea3aa4b16b6f124395e233bdf05b77d29c42438b

File size 256.5 KB ( 262656 bytes )

SHA256: 7eeaec7790223a0128073f2eac723623a2401e903058a58c14aa26fef65b6008

Name: svchost.exe

Detections: 11 / 56

Analysis date: 2016-05-05 12:50:15 UTC ( 0 minutes ago )

Antivirus Result Update

Avast Win32:Malware-gen 20160505

Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160505

CAT-QuickHeal TrojanPWS.ZBot 20160505

ESET-NOD32 a variant of MSIL/Injector.PCK 20160505

Kaspersky Trojan.Win32.Reconyc.fmnz 20160505

Malwarebytes Ransom.Alpha 20160505

McAfee Artemis!8922DDBA556F 20160505

McAfee-GW-Edition BehavesLike.Win32.BadFile.dc 20160505

Panda Generic Suspicious 20160504

Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20160505

Symantec Infostealer.Limitail 20160505
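The indicators above (the .encrypt suffix, the target extension list, and the sample's hashes) are enough to scope an infection quickly. The following Python script is an added example for incident responders, not part of the original post and not ELISTARA code: it walks a directory tree, lists every file carrying the .encrypt suffix, tallies the original extensions so you can see which file types were hit and whether anything outside the published target list was touched, and hashes every .exe it finds against the VirusTotal digests quoted in the post. The TARGETED set is only a subset of the extensions listed above, and the build_demo_tree helper creates a constructed fake victim tree (plain text files, no malware) so the script can be run offline.

```python
import hashlib
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators quoted in the post: digests of the analysed sample (dropped as
# svchost.exe) and the suffix this variant appends to each encrypted file.
KNOWN_HASHES = {
    "md5": "8922ddba556f280791c0a7fbe92abf52",
    "sha1": "ea3aa4b16b6f124395e233bdf05b77d29c42438b",
    "sha256": "7eeaec7790223a0128073f2eac723623a2401e903058a58c14aa26fef65b6008",
}
RANSOM_SUFFIX = ".encrypt"

# Assumption: only a subset of the extension list from the post; extend as needed.
TARGETED = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".jpg", ".png",
    ".txt", ".sql", ".sqlite", ".kdbx", ".pem", ".pfx", ".p12", ".py", ".js",
}


def original_extension(path):
    """'report.docx.encrypt' -> '.docx'; 'notes.encrypt' -> ''; no suffix -> None."""
    name = Path(path).name
    if not name.lower().endswith(RANSOM_SUFFIX):
        return None
    return Path(name[:-len(RANSOM_SUFFIX)]).suffix.lower()


def scan_encrypted(root):
    """Collect every file under root that carries the ransom suffix.

    Returns (paths, Counter of original extensions); the counter shows which
    file types were hit and flags types outside the known target list.
    """
    hits, by_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            ext = original_extension(fn)
            if ext is None:
                continue
            hits.append(os.path.join(dirpath, fn))
            by_ext[ext] += 1
    return hits, by_ext


def hash_file(path):
    """MD5, SHA-1 and SHA-256 of a file, computed in one streamed pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def matches_known(path, known=KNOWN_HASHES):
    """True if any digest of the file equals the corresponding known IOC digest."""
    digests = hash_file(path)
    return any(digests[algo] == value for algo, value in known.items() if algo in digests)


def find_sample_copies(root, known=KNOWN_HASHES):
    """Hash every .exe under root and return the ones matching the known sample.

    The dropper names its binary svchost.exe, so matching on the name alone is
    useless (the legitimate one lives in System32); the digests decide.
    """
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            if fn.lower().endswith(".exe") and matches_known(full, known):
                matches.append(full)
    return matches


def triage(root, known=KNOWN_HASHES):
    """Summarise the scope of an Alpha/.encrypt incident under root."""
    hits, by_ext = scan_encrypted(root)
    return {
        "encrypted_files": len(hits),
        "by_extension": dict(by_ext),
        "untargeted_extensions": sorted(e for e in by_ext if e not in TARGETED),
        "sample_copies": find_sample_copies(root, known),
    }


def build_demo_tree(root=None):
    """Create a constructed (fake) victim tree for demonstration; contains no malware."""
    root = Path(root or tempfile.mkdtemp(prefix="alpha_demo_"))
    (root / "docs").mkdir(parents=True, exist_ok=True)
    for name in ("report.docx.encrypt", "budget.xlsx.encrypt", "keys.kdbx.encrypt",
                 "readme.txt", "weird.zzz.encrypt"):
        (root / "docs" / name).write_bytes(b"constructed content: " + name.encode())
    (root / "svchost.exe").write_bytes(b"constructed stand-in, not the real sample")
    return str(root)


if __name__ == "__main__":
    print(triage(build_demo_tree()))
```

Run it against a mounted image or a share with the root changed; an original extension that is not in TARGETED (weird.zzz in the demo) is worth a second look, because it means the running variant encrypts more than the published list. Hash matching will only catch this exact sample; a repacked build of the same family will have different digests.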



ELISTARA 34.49, which detects and removes it, will be available on our website from 18:00 CEST today.



regards



ms, 5-5-2016
