Kaspersky researchers report that new malware called Dorifel has infected more than 3,000 PCs worldwide, more than 90 percent of them in the Netherlands.
“Dorifel is being distributed through phishing emails with a link, which, when clicked, will take the user to a site from which a binary is downloaded,” writes Threatpost’s Dennis Fisher. “The malware then downloads a secondary component that encrypts the files on the infected machine. This is the kind of behavior that one might expect from a piece of ransomware, such as Reveton, but there is no demand for payment from the victim.”
“Researchers are not sure of the exact aim of the infection or its behaviours but Kaspersky Lab believes the attack is financial in nature and possibly related to Zeus,” writes V3.co.uk’s Shaun Nichols. “Researchers studying the infection found that servers hosting the control components for Dorifel hosted a number of other malware attacks and also stored stolen financial information. ‘We did find some interesting financial information, which could be an indication that this malware scam is related to for example ZeuS/Citadel, but since we have not yet identified any malware related to ZeuS/Citadel we cannot confirm it,’ said Kaspersky Lab researcher David Jacoby.”
“An analysis of Dorifel’s command and control server has revealed that it’s poorly configured, hinting at the fact that the group that runs the operation is not very skilled,” writes Softpedia’s Eduard Kovacs. “This may also indicate that the individuals who developed the malware aren’t the same as the ones who are currently using it.”