Quervar Malware Found to Download ZeroAccess Trojans and Ransomware

The new variant was identified on September 27 by Trend Micro

  FBI ransomware served by Quervar malware
On September 27, security researchers from Trend Micro spotted a new variant of the Quervar malware. The new threat has the same infection routines, but its structure is different compared to previous versions.

The malicious element known as Quervar spread like wildfire back in August 2012. In the first half of September, experts noticed that it was starting to fade away.

However, cybercriminals have launched a new Quervar campaign that comes with interesting payloads: ZeroAccess Trojans and ransomware.

Identified as PE_QUERVAR.E-O, the threat connects to various domains in an attempt to download pieces of malware such as ROJ_RANSOM.CMY, HTML_RANSOM.CMY, and TROJ_SIREFEF.SZP (a ZeroAccess variant).

The ransomware is designed to lock computers and demand ransoms in the name of the FBI.

On the other hand, TROJ_SIREFEF.SZP is a rootkit malware that hides its presence by patching the services.exe file and by disabling all the operating system’s security-related services.