Menu
MailGuard discovers zero day Cryptor variant vulnerability

MailGuard discovers zero day Cryptor variant vulnerability

New form of malware embedded in .chm documents

Melbourne based email security provider, MailGuard, has identified a new form of malware propagation where Trojans are being embedded in .chm documents.

The malicious emails contain zip file attachments. In this case the zip file is named "Transaction info E579657586.zip", which contain the .chm files.

A sample email containing Cryptor
A sample email containing Cryptor

The .chm files are essentially compiled html files, or web pages, which form part of the help systems for Microsoft and others.

The Visual Basic script downloads an ‘executable’ from a remote web server and runs it locally.

An example of an opened .chm file running on a Microsoft Windows system
An example of an opened .chm file running on a Microsoft Windows system

The remote executable (tv.exe) is the final payload, and has been identified as the Cryptor virus, as initially identified by AVG.

This is not the same as the Cryptolocker virus and the effects of downloading Cryptor through scam email and infected websites is not the same.

The Cryptor designated malware causes havoc on the infected system by secretly installing malware and possibly interrupting normal use of the infected PC by interfering with system processes. It is also used to control the victim's machine and can act as a gateway to installing new malware.

Cryptor is particularly dangerous because it constantly mutates and updates, stealing data and compromising business security.

MailGuard chief executive, Craig McDonald, said the discovery was a timely reminder to business that user education is important to protect the corporate networks from the effects of installing malware such as Cryptor.

Read more: Turbulent financial markets prompt stock pump-and-dump spam: Symantec

“Zero day attacks are successful because there is a window of time before desktop AV vendors update software to detect these scams," McDonald said. "Unless businesses take on a multi-layered approach to network security, including cloud and endpoint security, they are increasing the risk of becoming a target of cybercrime”.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags email trojanvirusesCryptolockermailguardzero day exploitmalwareCryptor

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments