Author Topic: Fileless Ransomware  (Read 2791 times)

Mvzfka232
Fileless Ransomware
« on: February 06, 2015, 01:31:03 PM »

This "extrac32.exe" is a Windows file signed by Microsoft.
I don't have any sample of the malware, but I think (my opinion=maybe) that Comodo will see the action as your trusted browser trying to call a trusted, signed Microsoft program, and it will allow it.

I don't have any further knowledge about this...

jwebb
Re: Fileless Ransomware
« Reply #1 on: March 13, 2015, 02:01:42 AM »
This one is kind of easy to mitigate by patching this vulnerability, CVE-2015-0016 (which is a basic registry edit), and patching the Adobe Flash Player vulnerabilities CVE-2015-0311 and CVE-2015-0313. The latter is also easy, as all you have to do is enable autoupdate or download a new version of the Flash Player.
Computer Forensic Expert [at] Elvidence Pty Limited

