
2/15/2011

Ransomware found disguised as QuickTime Player

1. Introduction

Various kinds of ransomware and their variants are prevalent these days.
Among them, an unusual ransomware disguised as the QuickTime player has appeared.
No cases of damage have been reported in South Korea so far; however, to prevent financial damage, users need to be careful when using the internet.


2. Spreading path and symptoms of infection

Previously found ransomware was disguised as various types of applications; the recently found ransomware masquerades as the QuickTime player.


In addition, it uses the digital signature of "Avira", a well-known anti-virus software company.


This ransomware can be injected into a tampered web page or spread as an e-mail attachment.
Links sent over messengers or SNS are also a possible route.

Since this ransomware has an icon and file name similar to those of the QuickTime player, general users can easily be tricked into running it. Furthermore, once a PC is infected with this ransomware, the following screen appears.


3. How to prevent

To use a PC safely against the security threats posed by such malicious attachments, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and keep real-time detection enabled.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links received through instant messengers and SNS.
5. Scan downloaded files with anti-virus software before executing them.
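
As a complement to tip 5 and the disguise described in section 2, the following PowerShell check flags a file that presents itself as one product but is not validly signed by that product's publisher. It is an added example, not code from INCA Internet; the function name `Test-PublisherMismatch`, the name-to-publisher table and the Downloads folder path are assumptions for illustration.

```powershell
# Added example. The pattern-to-publisher table is an assumption; extend it
# with the products and publisher names used in your environment.
$ExpectedPublisher = @{ 'quicktime*' = 'Apple Inc.' }

function Test-PublisherMismatch {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Common name of the signing certificate, or $null when the file is unsigned.
    $signer = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    } else { $null }

    # What the file presents itself as: its file name and its version resource.
    $claims = @($file.BaseName, $file.VersionInfo.ProductName) | Where-Object { $_ }

    foreach ($pattern in $ExpectedPublisher.Keys) {
        if (-not ($claims | Where-Object { $_ -like $pattern })) { continue }

        $expected = $ExpectedPublisher[$pattern]
        # A signature that fails validation and a valid signature from an
        # unrelated publisher are both treated as suspicious.
        $verdict = if ($sig.Status -ne 'Valid') {
            "SUSPICIOUS: signature status is $($sig.Status)"
        } elseif ($signer -ne $expected) {
            "SUSPICIOUS: signed by '$signer', expected '$expected'"
        } else {
            'OK: signer matches claimed product'
        }

        [pscustomobject]@{
            Path = $file.FullName; Claims = $pattern
            Signer = $signer; Status = $sig.Status; Verdict = $verdict
        }
    }
}

# Check every executable in the current user's Downloads folder before running it.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    ForEach-Object { Test-PublisherMismatch -Path $_.FullName } |
    Format-Table -AutoSize -Wrap
```

A file that claims no product listed in the table produces no output, so this check supplements an anti-virus scan and does not replace it.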

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions in nProtect Anti-Virus/Spyware for detecting malicious files such as the one described above, and operates a response system against various security threats.

Diagnosis name
- Trojan/W32.Gimemo.563336
