The Ransomeware Troyan has been very popular lately known as "Police Troyan" because after infection, user machine appeared locked showing a fake police webpage indicating that the user is suspected of certain crimes and his machine will remain locked until the payment of a penalty equivalent to certain amount of money.
At this time it was found a similar version of the Troyan Ransomeware with same fraud technique but this time pretending that victim has infringed some laws related to copyright and requesting payment of the appropriate sanction.
When user's computer has been infected, the Troyan redirects user navigation to the malicious URL:
hXXp://invalid-crew.com/start.php
This malicious script checks language settings that user has set on the browser to display a false webpage on user's language simulating the legitimate institutions of his country that are dedicated to protect copyright and intellectual property.
For Spanish users the Troyan redirect to the URL:
hXXp://invalid-crew.com/payz/iframe_ES.php
That will show the next screen simulating come from SGAE (General Society of Authors and Editors) – Spanish society
For France: hXXp://invalid-crew.com/payz/iframe_FR.php
The Login screen to access Control Panel Ransomeware Troyan has been located at the addresses:
hXXp://invalid-crew.com/admin/login.php
And:
hXXp://invalid-crew.com/bull/login.php
hXXp://invalid-crew.com/abc/admin/
In the control panel it is also possible to follow downloads tasks of different malicious binaries on zombies computers.
hXXp://95.163.68.147/abc/rat.exe
No hay comentarios:
Publicar un comentario
Nota: solo los miembros de este blog pueden publicar comentarios.