Fred Gutierrez's blog

Contributor: Masaki Suenaga

We have seen an ever increasing use of PDFs for malicious purposes over the past two years. During this time, we have tracked the growth and usage and have been constantly improving our detections to handle the different evolutions of these threats. We see new vulnerabilities related to PDF readers discovered on a regular basis, often being exploited in-the-wild before a patch is available.

We have seen several threats that alter DNS settings in the past; however this Zlob variant will do more than just change DNS settings. It will take advantage of popular search engines and make money for itself using ads and affiliates. In this reincarnation, Zlob has three effective states. The first state is when the Trojan infects the computer and installs itself.

Trojan.Ransompage is interesting because it is the first ransom threat that is designed to target three different browser platforms. Not only has the malware author chosen to target the two most popular browsers in Firefox and Internet Explorer, but Opera is also a target.

We have already written about threats that can encrypt files or lock victims out of their computers in order to extract a ransom. Today I want to talk about yet another similar threat. It uses scare or nuisance tactics—similar to rogue antivirus programs—in an attempt to demand ransom from its victims.