Adwind is distributed under the “malware as a service” model: anyone can buy the trojan on the black market.
“The fact that Adwind can be accessed as a regular service is disturbing. Anyone can pay and attack the enterprises that run critical infrastructure facilities,” said Bob Noel, Plixer vice president of strategic relations.
According to Milo Salvia, a researcher at Cofense, the ongoing attacks begin with malicious e-mails. The message that attracted the researchers’ attention was sent from a compromised account of Friary Shoes and stated that the recipient must sign and return a copy of a payment receipt.
The message carried an image with an embedded link, disguised as a PDF attachment.
If the user tried to open the supposed attachment, they were redirected to the compromised Fletcher Specs website, from which the malware was downloaded to the victim’s computer.
The original payload was a JAR file named Scan050819.pdf_obf.jar: the attackers used the double extension to hide the true file type and pass it off as a PDF document. When run, the JAR spawned two java.exe processes in the background, each loading a separate .class file containing Adwind. The malware then beaconed to its command and control server.
“Forcing users to open malicious links or attachments is still the most successful way for cybercriminals to gain access to the target system. Malware like Adwind will be able to disable antiviruses when it gets to the device,” said Bob Noel.
To avoid detection, the trojan searched the computer for the most common anti-virus programs and malware analysis tools and terminated them with taskkill.exe.
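The chain described above (a JAR whose name masquerades as a PDF, launched by java.exe from a user folder, followed by taskkill.exe against security tooling) can be turned into simple process-creation detection rules. The example below is added here and is not from the article, Cofense or Plixer; the events, paths and the watchlist of security tool image names are constructed for illustration.

```python
import re

# Constructed sample process-creation events (not from the article or any real
# log), modelled on the chain described above: java.exe running a JAR whose
# name masquerades as a PDF, followed by taskkill.exe spawned from java.exe.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "java.exe",
     "cmdline": r"java.exe -jar C:\Users\alice\Downloads\Scan050819.pdf_obf.jar"},
    {"parent": "java.exe", "image": "taskkill.exe",
     "cmdline": "taskkill.exe /IM exampleav.exe /F"},
    {"parent": "explorer.exe", "image": "java.exe",
     "cmdline": r"java.exe -jar C:\Program Files\Vendor\app.jar"},
    {"parent": "cmd.exe", "image": "taskkill.exe",
     "cmdline": "taskkill.exe /IM notepad.exe"},
]

# A document extension embedded before the real .jar extension, e.g. "x.pdf_obf.jar".
MASQUERADE_RE = re.compile(r"\.(?:pdf|docx?|xlsx?|rtf)[^\\/\s]*\.jar\b", re.I)
# A JAR launched from a directory an ordinary user can write to.
USER_DIR_RE = re.compile(r"\\(?:Downloads|Temp|AppData)\\.*\.jar\b", re.I)
# Image names treated as security tooling (constructed watchlist, not a real product list).
SECURITY_TOOL_IMAGES = {"exampleav.exe", "examplesandbox.exe", "procmon.exe"}
TASKKILL_TARGET_RE = re.compile(r"/IM\s+(\S+)", re.I)


def analyze_event(event):
    """Return the names of the detection rules that fire for one event."""
    hits = []
    image = event["image"].lower()
    cmd = event["cmdline"]
    if image == "java.exe":
        if MASQUERADE_RE.search(cmd):
            hits.append("jar_masquerading_as_document")
        if USER_DIR_RE.search(cmd):
            hits.append("jar_from_user_writable_dir")
    if image == "taskkill.exe":
        if event["parent"].lower() == "java.exe":
            hits.append("taskkill_spawned_by_java")
        target = TASKKILL_TARGET_RE.search(cmd)
        if target and target.group(1).lower() in SECURITY_TOOL_IMAGES:
            hits.append("taskkill_targets_security_tool")
    return hits


def analyze(events):
    """Map event index -> rule hits, keeping only events that triggered a rule."""
    findings = {}
    for idx, event in enumerate(events):
        hits = analyze_event(event)
        if hits:
            findings[idx] = hits
    return findings


if __name__ == "__main__":
    for idx, hits in analyze(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["cmdline"], "->", ", ".join(hits))
```

The benign events (a JAR under Program Files, taskkill against notepad.exe) trigger nothing, which is the false-positive check a practitioner should keep when tuning rules like these.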