PhoenixDzine » Blog Archive And Now, an MBR Ransomware - PhoenixDzine

Pages
Archives
- August 2014
- July 2014
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- December 2009
- September 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- July 2008
- April 2008
- February 2008
- October 2007
Categories
- Android (4)
- Daily Dilbert (676)
- Daily Xhosa (151)
- Domain Names (2)
- Food and Health (1)
- Football (1)
- Industry News (844)
  - Kaspersky (166)
  - Windows Mobile (1)
- My Thoughts (101)
- WebDesign (7)
  - Website SEO (4)
- Webhosting (6)
- wordwall (6)
- World Cup (1,601)
  - World Cup 2010 (1,601)

Pages
Archives
- August 2014
- July 2014
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- December 2009
- September 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- July 2008
- April 2008
- February 2008
- October 2007
Categories
- Android (4)
- Daily Dilbert (676)
- Daily Xhosa (151)
- Domain Names (2)
- Food and Health (1)
- Football (1)
- Industry News (844)
  - Kaspersky (166)
  - Windows Mobile (1)
- My Thoughts (101)
- WebDesign (7)
  - Website SEO (4)
- Webhosting (6)
- wordwall (6)
- World Cup (1,601)
  - World Cup 2010 (1,601)

And Now, an MBR Ransomware

November 29th, 2010Denis Posted in Industry News, Kaspersky | No Comments »

Today my colleague Vitaly Kamluk wrote about a new GpCode-like ransomware which encrypts user’s files with RSA-1024 and AES-256 crypto-algorithms. We’re continuing to investigate this malware and will notify you about our findings.

However, GpCode.ax is not the only piece of ransomware we found today. We’ve just discovered a malware which overwrites the master boot record (MBR) and demands a ransom to retrieve a password and restore the original MBR. This malware is detected as Trojan-Ransom.Win32.Seftad.a and Trojan-Ransom.Boot.Seftad.a.

This ransomware is downloaded by Trojan.Win32.Oficla.cw.

If Seftad.a was downloaded by Oficla.cw and run, the victim’s PC is rebooted and the following message appears on the screen:

Related

Tags: anti-virus, Industry News, Industry News, Information Technology, Internet Security, Kaspersky, security, Software, virus

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.

« GpCode-like Ransomware Is Back

Your Xhosa: Mamela mhlobo! = Listen friend! Listen & learn: »

%d bloggers like this: