On September 27, security researchers from Trend Micro spotted a new variant of the Quervar malware. The new threat uses the same infection routines, but its structure differs from previous versions. Quervar spread like wildfire back in August 2012; in the first half of September, experts noticed that it was starting to fade away.
However, cybercriminals have launched a new Quervar campaign that comes with interesting payloads: ZeroAccess Trojans and ransomware.
Identified as PE_QUERVAR.E-O, the threat connects to various domains in an attempt to download other malware, such as TROJ_RANSOM.CMY, HTML_RANSOM.CMY, and TROJ_SIREFEF.SZP (a ZeroAccess variant).
The ransomware is designed to lock computers and demand ransoms in the name of the FBI.
On the other hand, TROJ_SIREFEF.SZP is a rootkit malware that hides its presence by patching the services.exe file and by disabling all the operating system’s security-related services.
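The two behaviours attributed to the ZeroAccess component above, a patched services.exe and disabled security services, are both visible from an elevated PowerShell session. The following triage check is an added example written for this page; it is not code from Trend Micro or from the article. It assumes a Windows host with PowerShell 5 or later (the StartType property on Get-Service requires it) and uses the standard service names for Windows Defender, Security Center, Windows Firewall, the Base Filtering Engine and Windows Update; adjust the list for your build.

```powershell
# Added triage check (not from the original article): look for the two symptoms
# described in the report. Assumes PowerShell 5+ running as Administrator.

$servicesExe = Join-Path $env:SystemRoot 'System32\services.exe'

# 1. On a clean system services.exe carries a valid Microsoft Authenticode signature.
#    A binary that has been patched on disk reports a Status other than 'Valid'
#    (typically 'HashMismatch'), because the file hash no longer matches the signature.
$sig = Get-AuthenticodeSignature -FilePath $servicesExe
[pscustomobject]@{
    File      = $servicesExe
    SigStatus = $sig.Status
    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
}

# 2. Security-related services that should normally be running and not disabled.
#    Service names are assumed to be the standard ones; verify them on your image.
$securityServices = 'WinDefend', 'wscsvc', 'MpsSvc', 'BFE', 'wuauserv'
Get-Service -Name $securityServices -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType |
    Where-Object { $_.Status -ne 'Running' -or $_.StartType -eq 'Disabled' }
```

An empty result from the second query and a SigStatus of Valid are the expected output on a healthy machine. Because a rootkit that hooks the running system can hide changes from tools executed on that same system, a non-empty result is a lead rather than a clean bill of health; confirm the services.exe hash from an offline boot or a known-good copy before trusting a Valid result.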