Wednesday, November 23, 2016

Facebook Messenger Spreads Locky Ransomware


Cyber criminals are using Facebook Messenger to spread Locky ransomware via images.

Researcher Bart Blaze discovered the attack, which uses an .SVG image file to deliver the malware. SVG images are being used because they can contain embedded content and can be opened in browsers.

Clicking on the image redirects the victim to a fake YouTube site. Once there, the site prompts users to download and install a codec extension in Google Chrome in order to view the video.


The SVG image contains a Nemucod downloader which in some cases carries the Locky ransomware. However, Google and Facebook have been made aware of the scam.
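As an added example (not from the original post or from the researcher), here is a minimal Python check that a mail or upload filter could run to tell an SVG carrying embedded active content from a static drawing. The two sample SVGs and the name `find_active_content` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an SVG "image" carrying script, a handler and a script URL.
SAMPLE_ACTIVE = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script type="text/javascript"><![CDATA[ /* placeholder body */ ]]></script>
  <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:void(0)">
    <rect width="10" height="10"/>
  </a>
</svg>"""

# Constructed sample: a purely static drawing.
SAMPLE_STATIC = b"""<svg xmlns="http://www.w3.org/2000/svg">
  <rect width="10" height="10" fill="red"/>
</svg>"""

# Elements that let an SVG run script or embed foreign (HTML) content.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1].lower()

def find_active_content(svg_bytes):
    """Return sorted findings; an empty list means no active content was seen."""
    try:
        # For untrusted uploads, a hardened parser such as defusedxml is preferable.
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["unparseable: treat as untrusted"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.add(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):          # onload, onclick, ...
                findings.add(f"handler:{name}")
            elif name == "href":               # covers href and xlink:href
                # Drop whitespace so "java script:" style padding is still caught.
                if "".join(value.split()).lower().startswith("javascript:"):
                    findings.add(f"url:{name}")
    return sorted(findings)

if __name__ == "__main__":
    print(find_active_content(SAMPLE_ACTIVE))
    print(find_active_content(SAMPLE_STATIC))
```

Any non-empty result is a reason to quarantine the file or serve it as a download with a non-image content type rather than let a browser render it.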

If the victim installed the extension, it will show under two names, Ubo and One. To remove the extension, go to Menu → More Tools → Extensions, find the extension and remove it.

However, if you become the victim of ransomware, your only choice is to use a backup of your files, otherwise you are screwed.

Researchers advise: "As always, be wary when someone sends you just an 'image' – especially when it is not how he or she would usually behave."

Source: The Hacker News 
The Tech Zone