
SANS ISC: Unencrypting Extortion Malware SANS ISC InfoSec Forums

The good people at Kaspersky have once again provided a free utility to "unencrypt" extortion malware. Trojan.Win32.Krotten is used to extort cash from infected users. "Krotten differs from GPCode in that GPCode encrypted data saved to disk. Krotten corrupts the system registry." Details and a link to the utility are in their blog today.

Thanks Kaspersky!
Patrick

Nov 8th 2005
