When URL Shorteners and Ransomware Collide

We are all very familiar with URL shortening services, which are regularly used in Tweets and other social media. It is no secret that cyber criminals also use URL shorteners, often to obfuscate redirects to malicious destinations.

Recently, a URL shortening service was used to shrink a dubious link, obfuscating a malicious destination:

46(dot)30(dot)45(dot)39/Statement.jpg

which was actually a malicious script downloader “Statement.js”, dropping Cryptowall from

46(dot)30(dot)45(dot)39/yyo.w

Cryptowall is ransomware that encrypts files on your computer and demands that a ransom be paid in order to receive instructions (private key) for decrypting your files (in this case, RSA-2048 encryption was used).

<…>

There are precautions that can be taken to avoid clicking on a malicious shortened link, such as not clicking on a shortened link if you do not know who it is from. If you want to take additional measures, there are services that unshorten shortened URLs, such as

checkshorturl(dot)com
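
The same check can be done locally. The following is an added example, not code from the original article: it walks a short link's redirect chain with HEAD requests, so nothing is downloaded or rendered, and then notes two warning signs on the final destination. The function names, the two heuristics, and the sample hosts (`short.example` and the documentation-range address 192.0.2.10) are assumptions constructed for illustration.

```python
import http.client
import ipaddress
from contextlib import closing
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def head(url):
    """One HEAD request: redirects are not followed and no body is downloaded."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    with closing(cls(p.netloc, timeout=10)) as conn:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}

def unshorten(url, fetch=head, max_hops=10):
    """Return (redirect chain, headers of the final hop)."""
    chain = [url]
    for _ in range(max_hops):
        status, headers = fetch(chain[-1])
        location = headers.get("location")
        if status not in REDIRECTS or not location:
            return chain, headers
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    raise RuntimeError("redirect limit reached")

def review(chain, headers):
    notes = []  # heuristics assumed for this example, not taken from the article
    dest = urlsplit(chain[-1])
    try:
        ipaddress.ip_address(dest.hostname or "")
        notes.append("destination host is a bare IP address")
    except ValueError:
        pass
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if dest.path.lower().endswith(IMAGE_EXT) and not ctype.startswith("image/"):
        notes.append("image extension but Content-Type is %r" % ctype)
    return notes

# Constructed responses standing in for a shortener and its target (runs offline).
SAMPLE = {
    "http://short.example/abc": (301, {"location": "http://192.0.2.10/Statement.jpg"}),
    "http://192.0.2.10/Statement.jpg": (200, {"content-type": "application/javascript"}),
}
if __name__ == "__main__":
    chain, headers = unshorten("http://short.example/abc", fetch=SAMPLE.__getitem__)
    print(" -> ".join(chain), review(chain, headers))
```

Calling `unshorten(url)` without the `fetch` argument performs real HEAD requests; a clean result from these two heuristics does not mean the destination is safe.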

Furthermore, it is highly recommended that you use anti-virus and anti-malware in conjunction for the best possible protection. Malwarebytes Anti-Malware protects users from this attack, including blocking identified malicious IPs and domains associated with Ransomware.

Source:  When URL Shorteners and Ransomware Collide | Malwarebytes Labs