
CryptoWall Makes a Comeback via Malicious Help Files

A new spam message carries a very nasty payload. The email attachment looks like an innocuous help file (.chm), but if you click on it, all of your files can be encrypted. That means you cannot open or use any of your own documents. The hackers put a ransom message on your computer demanding payment for the key that unlocks the files; the alternative is to have a backup.

First there was the CryptoLocker virus, which used messages such as UPS notices to encrypt all of your data files. As antivirus programs and awareness of this attack improved, the CryptoWall variation delivered the same payload with a little twist. People are commonly told to be careful with archive files (.zip, .jar, .tar, .7z, .msi, etc.) and executable/script files (.com, .exe, .scr, .bat, .js, .jse, .vb, .vbe, .wsf, .wsh, .cmd). This is the first time the hackers are using help files (.chm), so beware.

Do not click on any links or advertisements unless it is clear that they come from trusted sources. The web browser normally shows where a link leads when the user hovers over it with the mouse.
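For mail administrators, the extension list above can be checked at the gateway, with .chm added to it. The Python code below is an added example, not part of the original post: it screens the attachments of a message by extension, recognizes a renamed help file by the `ITSF` signature that compiled HTML Help files start with, and looks inside zip-format archives. The function names, the 5 MB member cap, the nesting limit and the sample message are assumptions made for the example.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post; .chm joins the executable/script set.
ARCHIVES = {".zip", ".jar", ".tar", ".7z", ".msi"}
BLOCKED = {".com", ".exe", ".scr", ".bat", ".js", ".jse", ".vb", ".vbe",
           ".wsf", ".wsh", ".cmd", ".chm"}
CHM_MAGIC = b"ITSF"           # compiled HTML Help files begin with these bytes
MAX_MEMBER = 5 * 1024 * 1024  # assumed cap so oversized members are not unpacked

def classify(name, data, depth=0):
    """Return (file name, reason) pairs for one attachment or archive member."""
    ext = os.path.splitext(name)[1].lower()
    hits = []
    if ext in BLOCKED:
        hits.append((name, "blocked extension " + ext))
    elif data[:4] == CHM_MAGIC:  # renamed help file, caught by content
        hits.append((name, "CHM content under another extension"))
    if ext in ARCHIVES and depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER:
                    hits.append((info.filename, "member too large to inspect"))
                else:
                    hits += classify(info.filename, zf.read(info), depth + 1)
    elif ext in ARCHIVES:  # non-zip format or nested too deep
        hits.append((name, "archive not inspected"))
    return hits

def scan_message(raw):
    """Classify every attachment of a raw e-mail message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [hit for part in msg.iter_attachments()
            for hit in classify(part.get_filename() or "", part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed message; attachments are placeholder bytes, not real CHM files."""
    fake_chm = CHM_MAGIC + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/help.CHM", fake_chm)
    msg = EmailMessage()
    for name, data in [("manual.chm", fake_chm), ("readme.pdf", fake_chm),
                       ("docs.zip", buf.getvalue()), ("notes.txt", b"hello")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

`scan_message(build_sample())` reports the .chm attachment, the help file renamed to .pdf and the .chm inside the zip, and leaves the text file alone.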

To read more details:

http://www.darkreading.com/partner-perspectives/bitdefender/cryptowall-makes-a-comeback-via-malicious-help-files/a/d-id/1319371


