How Spora ransomware tries to fool antivirus

  • 26 June 2017

26th June 2017  by Bill Brenner
 
Spora ransomware, first detected in January, is back with a new technique that attempts to confuse and bypass antivirus products and email filters, SophosLabs researchers have discovered.
 
Like previous campaigns, the contagion arrives in an email bearing a tainted HTA (HTML Application) file. But while the file clearly has an HTA file extension, the file itself is crafted to confuse scanners that might ordinarily stop an HTA file into thinking it’s a harmless PDF and letting it through instead. 
 
The technique has only been seen in attacks that target a Russian-speaking population, but if it works well, chances are better than average that we’ll see the same trick being used to target users in other countries. 
 
Full Article.
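A defensive check for the mismatch described in the post above, added here as an example and not taken from the article or from Sophos: an attachment filter that never lets a content sniff downgrade an executable extension. It assumes the disguise is a PDF header placed ahead of the HTA markup, which the post does not spell out; the function names, extension list and sample bytes are constructed for illustration.

```python
import os
import re

# Extensions Windows hands to a script host regardless of file content.
ACTIVE_EXTENSIONS = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Markers of active HTML/script content, matched case-insensitively.
SCRIPT_MARKERS = re.compile(rb"<\s*(hta:application|script)\b", re.I)
PDF_MAGIC = b"%PDF-"

# Constructed samples (not taken from a real campaign).
DISGUISED_HTA = b"%PDF-1.4\n<html><hta:application /><script>/* ... */</script></html>"
PLAIN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"


def sniff_type(data: bytes) -> str:
    """Content-only guess, the way a magic-byte scanner would classify it."""
    # PDF readers tolerate junk before the header, so search the first 1 KiB.
    return "pdf" if PDF_MAGIC in data[:1024] else "unknown"


def assess_attachment(filename: str, data: bytes) -> dict:
    """Combine extension and content signals; any single signal blocks."""
    ext = os.path.splitext(filename)[1].lower()
    sniffed = sniff_type(data)
    reasons = []
    if ext in ACTIVE_EXTENSIONS:
        # The OS launches the file by extension, so the extension alone decides.
        reasons.append(f"extension {ext} is executed by a script host")
        if sniffed == "pdf":
            reasons.append("content sniffs as PDF but extension is active")
    if sniffed == "pdf" and SCRIPT_MARKERS.search(data):
        reasons.append("script/HTA markup inside data that sniffs as PDF")
    return {"extension": ext, "sniffed": sniffed,
            "block": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for name, blob in [("invoice.hta", DISGUISED_HTA), ("report.pdf", PLAIN_PDF)]:
        print(name, assess_attachment(name, blob))
```

The type-mismatch reason is worth logging separately from the plain extension block, since a benign HTA has no reason to carry a PDF header.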

1 reply

Well, one was bound to get variations on a theme re. ransomware and the merging of penetration & obfuscation techniques used in other types of malware...isn't that always the way.
