Showing posts with label Threat Advisory. Show all posts

Thursday, 16 February 2017

McAfee Labs Threat Advisory for W32/DistTrack

W32/DistTrack is a detection for a worm with extremely destructive behaviour. Infected machines are rendered useless because most of the files, the Master Boot Record (MBR), and the partition tables are overwritten with random data. The overwritten data is not recoverable, and the system is left unbootable.

McAfee Labs Threat Advisory for Ransomware-SAMAS

Ransomware-SAMAS is a detection for a family of ransomware that, on execution, encrypts certain file types present on the user’s system. The compromised user has to pay the attacker a ransom to get the files decrypted.

Ransomware-SAMAS is known to have been used in targeted ransomware attacks on organisations.

Tuesday, 8 March 2016

KeRanger - OSX Ransomware

On March 4th, Palo Alto Networks Research Center detected the first known fully functional ransomware on OSX.

Ransomware is a type of malware that restricts access to the affected computer system in some way, typically by encrypting the user's files with an asymmetric encryption algorithm. The private key required to decrypt the files is not stored on the infected machine, and to get access to it the infected party is required to pay the 'ransom'. The transactions are normally conducted using a digital currency such as Bitcoin.

Sunday, 28 February 2016

McAfee Labs has released an updated Threat Advisory for W97M/Downloader and X97M/Downloader.

W97M/Downloader and X97M/Downloader are Microsoft Office files that contain a malicious macro. The only difference between them is that W97M detections relate to Word files and X97M detections relate to Excel files. The macro downloads and executes other malware on the infected machine. The malicious Office file usually arrives on a machine as an attachment to spam or phishing emails. The file can be a Word document (.doc file and .docx file) or an Excel workbook (.xls file and .xlsx file).

Saturday, 27 February 2016

McAfee Labs Threat Advisory for Ransomware-Locky

Ransomware-Locky is a ransomware that upon execution encrypts certain file types present on the user’s system. The compromised user has to pay the attacker to get the files decrypted.

Tuesday, 9 February 2016

McAfee Labs has released an updated Threat Advisory for W32/Pinkslipbot.

The W32/Pinkslipbot worm is capable of spreading over network shares, downloading files, and updating its software. Additionally, it is capable of receiving backdoor commands from its IRC command and control center. It attempts to steal user information and upload it to FTP sites.

Saturday, 23 January 2016

McAfee Labs Threat Advisory for NanoLocker

NanoLocker is a ransomware that encrypts certain files on infected machines with public key cryptography. The compromised user has to pay a ransom to the attacker to receive the secret key needed to decrypt the files.

McAfee detects this threat under the following detection name:
  • Ransomware-FCO!partialMD5
Detailed information about the threat, its propagation, characteristics and mitigation can be viewed in the Threat Advisory.

This notification was initially communicated through the McAfee SNS service. To receive Threat Advisories directly from Intel Security, please visit the SNS Centre and sign up to "Malware and Threat Reports".

Friday, 15 January 2016

McAfee Labs Threat Advisory for JS/Nemucod

JS/Nemucod is a JavaScript downloader trojan that targets users through malware spam campaigns. JS/Nemucod downloads additional malware and executes it without the user’s consent. JS/Nemucod usually arrives through malicious spam emails carrying attachments with .zip extensions. When a user opens the .zip file and double-clicks the JavaScript, the default web browser opens and executes the script.