2014-07-25 9:51 Author: Maciej Gajewski
Employees Kaspersky Lab detected a new malicious program named ‘Onion’, which uses anonymous network Tor to hide their dangerous nature and difficult to identify the creators of ongoing operations extort money from users.
Technical improvements have made the new representative of the category of ransomware is very dangerous – this is one of the most advanced encryption programs known malicious user data in order to extract from them a ransom for restoring the normal functioning of the computer.
Onion is a successor to other dangerous applications of this type, such as Cryptolocker, CryptoDefence / CryptoWall, ACCDFISA or GpCode. worm shall be deducted mechanism to further scare users – one of the messages displayed on the infected computer it states, that encrypted data will be irreversibly destroyed after the expiration of 72 hours, if you do not pay for cybercriminals for decryption.
Onion is controlled by cybercriminals using użyciuserwerów located wanonimowej Tor network. Researchers at Kaspersky Lab have already dealt with a similar approach, but so far it has been applied in the case of banking risks, such as the 64-bit variant of ZeuS.
, It seems that the Tor network has become proven communication system for malware authors. Onion uses, however, many technical improvements wporównaniu to what we saw earlier. Hiding in the Tor network servers used to control the malicious program significantly impedes the identification of criminals and their unconventional use of encryption mechanism that makes the locked files can not be recovered, even after the interception of data sent between the Trojan and its control server. All this means that we are dealing with a very dangerous threat and one of the most advanced malware ransomware in history , “said Fiedor Szinicyn, a senior malware analyst at Kaspersky Lab.three layers infection
By Onion able to reach the victim’s computer, cybercriminals use at the beginning of the malicious program distributed via botnet Andromeda (Backdoor.Win32.Androm.) This worm is instructed to download and run another dangerous application belonging to the family Joleee. At the end of the Onion is taken alone. This method of infection, however, may vary depending on the version of the threats – Kaspersky Lab experts have observed a great deal of flexibility in the construction of the pest.
Geography infection
most harmful infections Onion program was observed in the Commonwealth of Independent States, but individual attacks also appeared in Germany, Bulgaria, Israel, Libya and the United Arab Emirates area.
Recent samples pest intercepted by Kaspersky Lab include the ability to display the interface in Russian. This fact and the numerous comments in the code can attest to the fact that the creators of onion speak the language.
No comments:
Post a Comment