Beware! InsideWeb walk malware-blockers

In the World Wide Web distributed two programs-blockers encrypt user files and demanding money for data recovery. This is related to "Kaspersky Lab".

A malware is a modification of the dangerous Trojan GpCode. It encrypts files with popular extensions: doc, docx, txt, pdf, xls, jpg, mp3, zip, avi, mdb, rar, psd, and then deletes itself.

This program has been found by analysts of another 29 November and is detected as Trojan-Ransom.Win32.GpCode.ax. Currently Lab experts are working on ways to recover encrypted data.

«GpCode not apply yourself — it gets to your computer via infected websites and vulnerability in Adobe Reader, Java, Quicktime Player or Adobe Flash. Unlike previous versions of the blocker, existing since 2004, the new version does not delete the original files after decryption, and overwrites the data in them "- explain the researchers.

Another blocker was detected Trojan Seftad, hitting the master boot record of the operating system (MBR). Two variations of this malicious program added to the antivirus databases with names of Trojan-Ransom.Win32.Seftad.a and Trojan-Ransom.Boot.Seftad.a.

"Once infected Seftad overwrites MBR and demands money for providing a password, with which you can restore the original MBR. After three incorrect passwords infected computer reboots and the Trojan again requires you to transfer funds, "- added to the Laboratory.

Like this post? Please share to your friends: