When this particular variant is executed, it opens Internet Explorer with a specific page (lex.creativesandboxs.com/locker/lock.php) and prevents the user from doing anything else with the infected system. The webpage that was opened presumably showed some type of extortion message, but it’s currently unavailable because the site is offline.

via ZeuS Ransomware Feature: win_unlock – F-Secure Weblog : News from the Lab.

Nessun commento.

Aggiungi il tuo commento