{"id":2445,"date":"2013-03-18T00:00:00","date_gmt":"2013-03-18T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/03\/18\/malwarebytes-uncovers-av-dodging-ransomware-in-java-exploit-kit\/"},"modified":"2021-12-30T11:41:21","modified_gmt":"2021-12-30T11:41:21","slug":"malwarebytes-uncovers-av-dodging-ransomware-in-java-exploit-kit","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/03\/18\/malwarebytes-uncovers-av-dodging-ransomware-in-java-exploit-kit\/","title":{"rendered":"Malwarebytes uncovers AV-dodging ransomware in Java exploit kit"},"content":{"rendered":"<p>Security firm Malwarebytes has discovered new ransomware being spread by the Neutrino exploit kit, targeting Java with a fake Skype file. Malwarebytes security researchers Jerome Segura and Joshua Cannell reported discovering Neutrino on Monday, warning the ransomware can bypass all major antivirus products.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Malwarebytes identified a ransomware Trojan, part of the Urausy family, which was being spread by a new Exploit Kit dubbed Neutrino. This ransomware sample evaded AV detection for almost a day and uses several levels of encryption to hide its payload,&#8221; Segura told V3. &#8220;This practice is becoming more and more common these days as it makes detection by looking at traffic packets more difficult.&#8221;<\/p>\n<p>The Neutrino attack pretends to be a legitimate Skype file to gain access to a user&#8217;s machine. 
It&#8217;s called this because the ransomware renames itself to &#8220;skype.dat&#8221; and is placed in the folder, along with a configuration file called &#8220;skype.ini,&#8221; said Cannell.<\/p>\n<p>&#8220;The skype.dat ransomware has nothing to do with the legitimate Skype program that millions of people use for VoIP communication.&#8221;<\/p>\n<p>At the end of 2012 security firm Symantec issued a report suggesting ransomware scams are now earning criminals as much as $33,000 a day.<\/p>\n<p>Link: http:\/\/www.v3.co.uk\/v3-uk\/news\/2255480\/malwarebytes-uncovers-av-dodging-neutrino-exploit-kit-targeting-java<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2445","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2445"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2445\/revisions"}],"predecessor-version":[{"id":4932,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2445\/revisions\/4932"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2445"}],"wp:term":[{"taxonomy":
"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}