Latest Virus Alerts

Cryptolocker (10th October 2013)

There have been multiple incidents of Cryptolocker ransomware detected in institutions where files have been encrypted on network shares. Infected systems display a message asking for $300 or 300 Euros to decrypt your files. The malware scans any network share or mapped drive it can access and encrypts files there, as well as files found locally, covering a very large range of Windows file types. How much it manages to encrypt depends on the rights of the logged-in user to the shares in question. McAfee must be set to High or Very High heuristics to detect components of this malware; otherwise it will not detect some or all of them.

We have an Extra.dat (see link below) which will pick up other components which were not being picked up at all in initial infections.  Users of the managed ePO service have had this deployed already.

Currently there is no way to decrypt the files; if you are affected you will have to go to backups to recover documents.
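Because the encryption footprint described above is one user rewriting very many files on a share in a short time, file-server audit logs can be used to spot it early. The following is an added example, not part of the original alert or any McAfee tool; it assumes a constructed comma-separated audit format (timestamp,user,share,path,action) and flags any user who writes or renames at least THRESHOLD distinct files on one share within WINDOW seconds.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 20                    # distinct files touched by one user on one share
WINDOW = timedelta(seconds=60)    # within this many seconds
WRITE_ACTIONS = {"write", "rename"}

def _constructed_log():
    """Constructed sample audit lines (not real data): alice rewrites 25 files
    in 25 seconds (ransomware-like), bob edits 3 files over 40 minutes (normal)."""
    base = datetime(2013, 10, 10, 9, 0, 0)
    lines = []
    for i in range(25):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()},alice,\\\\fileserver\\dept,docs\\report{i}.docx,write")
    for i in range(3):
        t = base + timedelta(minutes=20 * i)
        lines.append(f"{t.isoformat()},bob,\\\\fileserver\\dept,notes\\todo{i}.txt,write")
    return lines

SAMPLE_LOG = _constructed_log()

def parse_line(line):
    """Split one audit line into (timestamp, user, share, path, action)."""
    ts, user, share, path, action = line.strip().split(",", 4)
    return datetime.fromisoformat(ts), user, share, path, action

def find_mass_modifiers(lines, threshold=THRESHOLD, window=WINDOW):
    """Return (user, share, window_start, n_files) for each user/share pair whose
    write events touch >= threshold distinct files inside a sliding time window."""
    per_key = defaultdict(list)
    for ts, user, share, path, action in sorted(map(parse_line, lines)):
        if action in WRITE_ACTIONS:
            per_key[(user, share)].append((ts, path))
    alerts = []
    for (user, share), events in per_key.items():
        start = 0
        for end in range(len(events)):          # advance window end one event at a time
            while events[end][0] - events[start][0] > window:
                start += 1                      # drop events older than the window
            touched = {p for _, p in events[start:end + 1]}
            if len(touched) >= threshold:       # report at the moment the threshold is hit
                alerts.append((user, share, events[start][0], len(touched)))
                break
    return alerts

if __name__ == "__main__":
    for user, share, since, n in find_mass_modifiers(SAMPLE_LOG):
        print(f"ALERT: {user} modified {n} files on {share} since {since}")
```

The threshold and window are tuning knobs; a backup job or a bulk copy by an administrator will also trip them, so alerts should be checked against known batch accounts before the offending user's share access is cut.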

The following files have been found on an infected system:

dacusimekces.exe
kWTa2.exe
retln.exe (Requires attached extra.dat)
SHuc.exe
xictijyleaze.exe

Some more info:

http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=245198
http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/
http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/
http://www.geek.com/apps/disk-encryptiing-cryptolocker-malware-demands-300-to-decrypt-your-files-1570402/

W32/autorun.worm.aaeb-h (29th November 2012)

McAfee has received multiple reports of customers who are severely affected by variants of W32/autorun.worm.aaeb-h.
W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.
The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.

For more information on McAfee product coverage and mitigation for this threat, see Threat Advisory: W32/Autorun.worm.aaeb:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24169/en_US/Threat%20Advisory_W32_Autorun_worm_aaeb-h.pdf

Newly Discovered World-Wide Threats

McAfee's webpage of newly discovered threats can be found at http://www.mcafee.com/threat-intelligence/malware/latest.aspx. A more general summary of such threats (which aims to cover the differing names they are known by) can be found at http://maec.mitre.org/.

Hoaxes

You may sometimes receive warnings forwarded to you by someone you know which describe frightening new e-mail-based viruses (e.g. the Jdbgmgr.exe hoax). These are almost always hoaxes. They can generally be identified by a request to forward the information to everyone you know. No genuine anti-virus information will make this suggestion! More information can be found at: http://www.ucs.cam.ac.uk/docs/faq/security/u1.

Unknown Viruses

If you find that there is no known virus which exhibits the symptoms that you are seeing, and you have a copy of a file that you believe contains the virus code, you can find information on how to submit a virus sample to McAfee here: How To Submit A Virus Sample.