New Virobot Ransomware with Botnet is spreading via Microsoft Outlook

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

A new Botnet ransomware is currently spreading through Microsoft Outlook. The vulnerability was first discovered by TrendLabs who disclosed in a report that Virobot has both ransomware and botnet capabilities.

The vulnerability is spreading through a spam e-mail attack and is using Microsoft Outlook as the transportation route for the email.

Virobot was first observed in the wild on September 17, 2018, seven days after we analyzed a ransomware variant that imitates the notorious Locky ransomware. Once Virobot is downloaded to a machine, it will check the presence of registry keys (machine GUID and product key) to determine if the system should be encrypted. The ransomware then generates an encryption and decryption key via a cryptographic Random Number Generator. Together with the generated key, Virobot will then send the machine-gathered data to its C&C server via POST, mentioned Trend Micro.

Not only that, but Virobot can also record keystrokes and share the sensitive data like Credit Card details and Passwords. The keylogger sends these details to the C&C server. As a precaution, make sure you don’t open attachments from un-trusted sources.

Via: The Windows Club

More about the topics: microsoft, Microsoft Outlook

Leave a Reply

Your email address will not be published. Required fields are marked *