Cryptolocker or Torrentlocker Virus

I spent an hour today, 7-7-2016, participating in a Webinar from Trend Micro discussing the threat from Torrentlocker and the like. Australia is being hit particularly hard with these viruses. They come in the form of an email purporting to be from AGL, Australia Post, Australian Federal Police and a few others.

Virus Emails

Do not follow the instructions in the email to enter a CAPTCHA code to download something.

From Trend Micro

If you are a Trend Micro customer:

  • Make sure web reputation is on
  • Must have IP reputation on at least QIL level 2

At the present we have seen 70 compromised websites redirecting traffic to the TorrentLocker landing page:
hxxp://silver-gold-arbat.ru/FgP5XIzvmqGu/9GKsCc8pDIMPA.php?

hxxp://divorcefinancehelp.com/XCEUx/OJ0vid81.php

They are using landing pages such as:
hxxp:// aglbill-tracker2.net

We advise IT Managers:

  • Put such landing pages into firewalls for protection of other servers / devices
    (noting that they will rotate through multiple landing pages). They have changed tactics – and now the landing page is delivering malicious JavaScript rather than using a public download site.

We advise users:

Not to enter Captcha codes to any energy / bill related websites.
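For IT managers acting on the advice above, here is an added example (not from Trend Micro or the original post) that turns the defanged indicators into a hostname blocklist and checks proxy logs for machines that already contacted them. The log format, the sample log lines and the hosts-file style output are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators as published in the post above (defanged; one has a stray space).
PUBLISHED = """
hxxp://silver-gold-arbat.ru/FgP5XIzvmqGu/9GKsCc8pDIMPA.php?
hxxp://divorcefinancehelp.com/XCEUx/OJ0vid81.php
hxxp:// aglbill-tracker2.net
"""

# Constructed proxy log lines; assumed format: time client host path status.
SAMPLE_LOG = """\
2016-07-07T09:14:02 10.0.0.21 aglbill-tracker2.net / 200
2016-07-07T09:14:40 10.0.0.35 example.org /index.html 200
2016-07-07T09:15:11 10.0.0.21 AGLBILL-TRACKER2.NET. /bill 200
2016-07-07T09:16:03 10.0.0.48 www.divorcefinancehelp.com /XCEUx/OJ0vid81.php 302
"""

def norm_host(host):
    """Lowercase and drop the trailing root dot so comparisons are exact."""
    return host.strip().rstrip(".").lower()

def host_of(indicator):
    """Refang one published indicator and return its hostname, or None."""
    url = re.sub(r"^hxxp(s?)://\s*", r"http\1://", indicator.strip(), flags=re.I)
    host = urlsplit(url.replace("[.]", ".")).hostname
    return norm_host(host) if host else None

def blocked_hosts(text):
    """Unique, sorted hostnames from a block of defanged indicator lines."""
    return sorted({h for h in map(host_of, text.splitlines()) if h})

def is_blocked(host, blocklist):
    """True for a listed host or any subdomain of it."""
    return any(host == b or host.endswith("." + b) for b in blocklist)

def hits(log_text, blocklist):
    """(client, host) pairs for log lines that reached a listed host."""
    out = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and is_blocked(norm_host(parts[2]), blocklist):
            out.append((parts[1], norm_host(parts[2])))
    return out

if __name__ == "__main__":
    blocklist = blocked_hosts(PUBLISHED)
    print("\n".join(f"0.0.0.0 {h}" for h in blocklist))  # hosts-file style
    for client, host in hits(SAMPLE_LOG, blocklist):
        print(f"review client {client}: contacted {host}")
```

Because the landing pages rotate, the list goes stale quickly; rerun it whenever new indicators are published and treat any log hit as a machine to inspect.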
