CryptoWall evolves to avoid detection
Posted by: Timothy Weaver on 01/09/2015 10:22 AM
CryptoWall has evolved and is frustrating security researchers.
Once a little brother to the more dangerous CryptoLocker, it has improvements that make it harder to detect and study. CryptoLocker virtually disappeared once law enforcement shut down the Gameover Zeus botnet that was used to distribute it.
Earl Carter, a researcher with Cisco Talos, said: “It keeps evolving.” Cybercriminals “seem to be continually morphing things, trying to make it more effective.”
The sample of CryptoWall analyzed by Cisco was sent via email in a “.zip” attachment. If opened, the malware will check to see if it is running in a virtual machine, according to Carter.
The hackers don't want researchers to look at the malware in a virtual machine. If CryptoWall finds it is not in a VM, it continues to decrypt itself. It then communicates with command-and-control servers using the Tor network.
Unfortunately, researchers are unable to see the IP addresses of the servers that CryptoWall connects to.