• Home
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
  • Events
  • Resources
  • Data Strategy Spotlight
  • Newsletters
  • Sign in
  • Events
    • Follow V3 Events

      Sign up to receive email alerts about our events

      Sign up
  • Resources
    • V3resources 120x194
      Network Security Forensics For GDPR Compliance

      An effective network security forensics strategy can assist an organization in providing key compliance-related details as part of any post-incident GDPR investigation.

      Download
      V3resources 120x194
      10 ways to increase productivity with managed Office 365

      For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

      Download
      Find resources
      Search by title or subject area
      View all resources
  • Data Strategy Spotlight
  • Sign in
  •  
    •  

      You are currently accessing V3 .co.uk via your Enterprise account.

      Personalise your on site experience

      Download and use the apps

      Access your subscription from outside of the office

      Get relevant news and insight straight to your inbox

      • Sign in
     
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
  • Follow us
    • RSS
    • Twitter
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
 
  •  

    You are currently accessing V3 .co.uk via your Enterprise account.

    Personalise your on site experience

    Download and use the apps

    Access your subscription from outside of the office

    Get relevant news and insight straight to your inbox

    • Sign in
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
V3.co.uk
  • Security

Malwarebytes uncovers AV-dodging ransomware in Java exploit kit

Security firm links ransomware to Neutrino attack tool spreading as fake Skype file

security risk management
  • Alastair Stevenson
  • Alastair Stevenson
  • @MonkeyGuru
  • 18 March 2013
  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
0 Comments

Security firm Malwarebytes has discovered new ransomware being spread by the Neutrino exploit kit, targeting Java with a fake Skype file.

Malwarebytes security researchers Jerome Segura and Joshua Cannell reported discovering Neutrino on Monday, warning the ransomware can bypass all major antivirus products.

"Malwarebytes identified a ransomware Trojan, part of the Urausy family, which was being spread by a new Exploit Kit dubbed Neutrino. This ransomware sample evaded AV detection for almost a day and uses several levels of encryption to hide its payload," Segura told V3.

"The Exploit Kit itself was discovered in the wild by security researcher
Kafeine and it uses two recent Java vulnerabilities and a trick to bypass
the security warnings to execute silently."

The exploit kit is designed to target security flaws in Oracle's Java version 7 update 11 platform.

"In plain English, malicious applets can run without any warnings or user interaction. Following exploitation, a malware binary is downloaded by the Java process," explained Cannell.

"This practice is becoming more and more common these days as it makes detection by looking at traffic packets more difficult.

"The file is swiftly decrypted by the Java applet which in turns launches it. Upon execution the binary connects to a remote server and downloads the ransomware interface directly onto the victim's machine."

Ransomware typically locks a user's machine and then demands that the user pays for access to be restored.

Numerous forms of the malware have been spotted in the wild masquerading as messages from legitimate companies and law enforcement agencies.

The Neutrino attack pretends to be a legitimate Skype file to gain access to a user's machine.

"Analysis reveals the ransomware binary to be a skype.dat variant that's commonly seen in the wild. It's called this because the ransomware renames itself to "skype.dat" and is placed in the folder, along with a configuration file called "skype.ini," said Cannell.

"The skype.dat ransomware has nothing to do with the legitimate Skype program that millions of people use for VoIP communication."

The exploit kit's discovery comes amid widespread warnings within the security community that criminal's use of ransomware is growing.

At the end of 2012 security firm Symantec issued a report suggesting ransomware scams are now earning criminals as much as $33,000 a day.

  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
  • Topics
  • Security
  • Hacking
  • malware
  • cyber-crime
  • Java
  • Skype

V3 Latest

TSMC starts high volume production of 7nm chips
TSMC starts high volume production of 7nm chips

Claims to have "the most competitive logic density" in the industry

  • Components
  • 25 April 2018
Dell unveils Precision 5530 2-in-1 mobile workstation with Radeon Pro WX Vega M GL graphics
Dell unveils Precision 5530 2-in-1 mobile workstation with Radeon Pro WX Vega M GL graphics

Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs

  • Hardware
  • 25 April 2018
Europol coordinates close down of 'world's biggest' DDoS-for-hire service
Europol coordinates close down of 'world's biggest' DDoS-for-hire service

Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia

  • Security
  • 25 April 2018
Almost 90 per cent of UK websites suffer from 'serious' security flaws
Almost 90 per cent of UK websites suffer from 'serious' security flaws

Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws

  • Security
  • 25 April 2018
Back to Top

Most read

Oracle: Java SE 8 business users must buy a licence from January next year
Oracle: Java SE 8 business users must buy a licence from January next year
AI could improve global stability from around 2040, claims US thinktank RAND Corporation
AI could improve global stability from around 2040, claims US thinktank RAND Corporation
How NoSQL database technology and IoT sensors are being put to work saving endangered elephants and tigers
How NoSQL database technology and IoT sensors are being put to work saving endangered elephants and tigers
MPs demand answers from TSB over online banking 'meltdown' following platform migration
MPs demand answers from TSB over online banking 'meltdown' following platform migration
British security start-up launches lip-sync authentication technology
British security start-up launches lip-sync authentication technology
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • About
  • Terms & conditions
  • Privacy policy
  • RSS
  • Twitter
  • Newsletters
  • Facebook
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017