Cryptowall Rebounds through Malware-Tainted .Chm Attachments

BitDefender reports that one fresh spam mail campaign is targeting numerous inboxes by sending malware-tainted attachments labeled as .Chm files for disseminating the notorious ransomware Cryptowall version 3.0.

The company's investigators show how hackers have used one not too "fashionable" though extremely successful tactic for automatically running malicious program on end-user's computer while locking all the files stored on it.

.Chm works like a Compiled HTML file's extension, the file being a type that helps serve user manuals as well as software programs. Coming in zipped format, HTML files get served like one binary file having the suffix .Chm. The zipped archive contains various HTML documents, JavaScript files and graphics together with one link containing a contents table, full-text hunting and an index.

The .Chm files as described above are extremely communicative while execute different technologies, one of which is JavaScript that's capable of diverting end-users onto one outside URL by a simple way of viewing certain .Chm file. When cyber-criminals first abused .Chm files it helped them to automatically execute malware soon as the file was opened.

A bogus inbound fax report electronic mail asserts it's from one device within the end-user's environment. According to BitDefender, this ruse has been used for targeting organizations' employees so company networks could be infiltrated.

Soon as victim accessed the compressed .Chm file's content, malevolent script pulled down one particular location, got converted into a temp file, while ran the malware. A window issuing instruction popped up meanwhile.

Bogdan Botezatu, Senior Threat Analyst with BitDefender states that attackers utilize 2 separate malware installers, one of which's greatly prevalent compared to the other, reported softpedia.com, March 9, 2015.

BitDefender recorded the most recent spotting on 9th March 2015, suggesting the continuation of the spam campaign. The original e-mail wave occurred on 18th February 2015 that attacked about 200 end-users, reports BitDefender.

Moreover, the servers through which the spam mails are sent seem to be located inside Australia, Vietnam, India, Romania, Spain and USA. An analysis of domain-names of the spam recipients show that attackers are targeting people from across the globe like Australia, Europe, Sweden, Denmark, Holland, Slovakia and USA.

» SPAMfighter News - 3/18/2015