Author Topic: Fileless Ransomware  (Read 1208 times)

Offline Mvzfka232

Fileless Ransomware
« on: February 06, 2015, 01:31:03 PM »

news.softpedia.com/news/Fileless-Ransomware-Delivered-through-Malvertising-on-Popular-Sites-472319.shtml


This "extrac32.exe" is a Windows file signed by Microsoft.
I don't have any sample of the malware, but I think (my opinion=maybe),
that Comodo will see the action as your trusted browser trying to call a trusted signed Microsoft program and it will allow it.


I don't have any further knowledge about this...

Offline jwebb

Re: Fileless Ransomware
« Reply #1 on: March 13, 2015, 02:01:42 AM »
This one is kind of easy to mitigate by patching this vulnerability, CVE-2015-0016 (which is a basic registry edit), https://technet.microsoft.com/library/security/MS15-004#ID0E2DAE and patching the Adobe Flash Player vulnerabilities CVE-2015-0311 and CVE-2015-0313. The latter is also easy, as all you have to do is enable autoupdate or download a new version of the Flash Player.
 
Computer Forensic Expert [at] Elvidence Pty Limited

 
