Quervar Malware Found to Download ZeroAcess Trojans and Ransomware

The new variant was identified on September 27 by Trend Micro

By on October 1st, 2012 20:31 GMT

On September 27, security researchers from Trend Micro spotted a new variant of the Quervar malware. The new threat has the same infection routines, but its structure is different compared to previous versions.

The malicious element known as Quervar spread like a wildfire back in August 2012. In the first half of September, experts noticed that it was starting to fade away.

However, cybercriminals have launched a new Quervar campaign that comes with interesting payloads: ZeroAccess Trojans and ransomware.

Identified as PE_QUERVAR.E-O, the threat connects to various domains in an attempt to download pieces of malware such as ROJ_RANSOM.CMY, HTML_RANSOM.CMY, and TROJ_SIREFEF.SZP (a ZeroAccess variant).

The ransomware is designed to lock computers and demand ransoms in the name of the FBI.

On the other hand, TROJ_SIREFEF.SZP is a rootkit malware that hides its presence by patching the services.exe file and by disabling all the operating system’s security-related services.
FBI ransomware served by Quervar malware
   FBI ransomware served by Quervar malware
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments