Virobot Ransomware with Botnet and Keylogging Capabilities Spreading via Microsoft Outlook


Malicious attacks are common in today's world of advanced technology, and one of the favourite paths for infecting a lot of computers is email. Even though software companies are constantly taking steps to build precautions against these attacks, some are not easy to eliminate, as new ones keep appearing.

A recent report published by TrendLabs describes a new threat: the Virobot ransomware, which has botnet and keylogging capabilities and is affecting users in the United States. According to TrendLabs, this ransomware is currently spreading through Microsoft Outlook.

A Dangerous Threat

“Virobot was first observed in the wild on September 17, 2018, seven days after we analyzed a ransomware variant that imitates the notorious Locky ransomware. Once Virobot is downloaded to a machine, it will check the presence of registry keys (machine GUID and product key) to determine if the system should be encrypted. The ransomware then generates an encryption and decryption key via a cryptographic Random Number Generator. Together with the generated key, Virobot will then send the machine-gathered data to its C&C server via POST”, Trend Micro said in their statement.

The ransomware spreads through spam emails, using Microsoft Outlook as its delivery path. It can be described as a hybrid threat because of its two additional capabilities.

Botnet Capabilities

Its botnet capabilities are the reason it has spread quickly between computers. Once the spam email received through Microsoft Outlook has been activated, Virobot-infected emails are immediately sent to everyone in the victim's Outlook contact list. Each of those emails repeats the same steps at its recipient, which is how the ransomware spreads so quickly.
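One way a mail administrator could spot the self-propagation described above, as an added example that is not from TrendLabs or the original article: flag any sender that delivers the same attachment to many distinct recipients within a short window. The log format, the threshold, the window and every sample value are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical gateway format:
# ISO timestamp, sender, recipient, attachment digest (placeholder values).
SAMPLE_LOG = """\
2018-09-17T09:00:01 alice@example.com bob@example.com att-aaaa
2018-09-17T09:00:02 alice@example.com carol@example.com att-aaaa
2018-09-17T09:00:03 alice@example.com dave@example.com att-aaaa
2018-09-17T09:00:04 alice@example.com erin@example.com att-aaaa
2018-09-17T09:05:00 frank@example.com bob@example.com att-bbbb
2018-09-17T10:00:00 grace@example.com bob@example.com att-cccc
2018-09-17T11:00:00 grace@example.com carol@example.com att-cccc
2018-09-17T12:00:00 grace@example.com dave@example.com att-cccc
2018-09-17T13:00:00 grace@example.com erin@example.com att-cccc
not a log line
"""

def parse(log):
    """Yield (time, sender, recipient, attachment); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1].lower(), parts[2].lower(), parts[3]

def find_mass_mailers(log, min_recipients=4, window=timedelta(minutes=2)):
    """Return {(sender, attachment): recipients} for one attachment sent to
    at least min_recipients distinct addresses within a sliding window."""
    recent = defaultdict(deque)  # (sender, attachment) -> (time, recipient)
    alerts = {}
    for ts, sender, rcpt, att in sorted(parse(log)):
        q = recent[(sender, att)]
        q.append((ts, rcpt))
        while ts - q[0][0] > window:  # drop deliveries older than the window
            q.popleft()
        distinct = {r for _, r in q}
        if len(distinct) >= min_recipients:
            alerts.setdefault((sender, att), set()).update(distinct)
    return alerts

if __name__ == "__main__":
    for (sender, att), rcpts in find_mass_mailers(SAMPLE_LOG).items():
        print(f"ALERT {sender} sent {att} to {len(rcpts)} recipients")
```

In the sample, only the four-message burst is flagged; the same attachment sent to four people over several hours stays below the window-based threshold.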

Keylogging Capabilities

A powerful keylogging capability is also part of this ransomware. It can record every bit of your activity and steal valuable information from the infected user, such as credit card details and passwords, and it can send those details to the C&C server.

Even though it seems that users cannot fully avoid this threat, we can still take some precautionary measures. Do not open attachments from untrusted sources, and use a program that filters out spam emails before they reach your PC and your network.
