McAfee Labs Threat Advisory
Photominer
December

McAfee Labs periodically publishes Threat Advisories to provide customers with a detailed analysis of prevalent malware. This Threat Advisory contains behavioral information, characteristics, and symptoms that may be used to mitigate or discover this threat, and suggestions for mitigation in addition to the coverage provided by the DATs.

To receive a notification when a Threat Advisory is published by McAfee Labs, select to receive Malware and Threat Reports at the following URL:

Summary

Trojan Photominer is a detection for a family of Coin Miner. When it is executed on the endpoint, it begins to mine crypto currency. McAfee products detect this threat under the following detection names:

  Photominer!
  HTML/Phominer
  Trojan-CoinMiner
  CoinMiner!
  GenericRXAG-LR!
  GenericRXAR-KV!

Detailed information about the threat, its propagation, characteristics, and mitigation are in the following sections:

  Infection and Propagation Vectors
  Characteristics and Symptoms
  Mitigation
  Restart Mechanism
  McAfee Foundstone Services

The minimum DAT versions required for detection are:

  Detection Name    MD5 of samples                     DAT Version (Date)
  Photominer        ABA2D86ED17F587EB6D57E6C75F64F05   V2: 8676 (6th Oct)   V3: 3127 (Oct)
  GenericRXAG-LR    FE9787B3D1C40D4CEC154511F7725DA6   V2: 8270 (Aug)       V3: 2721 (Aug)
  GenericRXAR-KV    00906A538CAFB606847C38797A5D0202   V2: 8380 (Dec)       V3: 2831 (Dec)
  HTML/Phominer.A   063C1E0167D8D0241D605D17444C849B   V2: 8552 (Jun)       V3: 3003 (Jun 2017)

Infection and Propagation Vectors

Photominer has been around since at least June. It works in a cyclic fashion and spreads through vulnerable FTP servers: it infects insecure FTP servers and alters the source code of the HTML pages they host so that those pages spread the malware.

[Figure: Photominer worm code]

When a user accesses the infected page, they get a pop-up message asking them to run a file named Photo.scr. After the file is downloaded and executed on the client's machine, it starts mining Monero crypto currency and starts spreading internally in the network.
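The two indicators this advisory gives a defender are the sample MD5s in the DAT table and the lure file name Photo.scr that infected pages prompt visitors to run. The following triage script is an added example, not McAfee's code or part of the advisory: it hashes every file under a directory (for instance a copy of the web root served from an FTP server) against the advisory's MD5s, and scans HTML files for references to Photo.scr. The function names (scan_tree, lure_lines, build_demo_tree) are hypothetical, and the sample HTML and the extra "hello" test file are constructed here to exercise the code.

```python
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Sample MD5s published in the advisory's DAT table (lower-cased for comparison).
ADVISORY_MD5S = {
    "aba2d86ed17f587eb6d57e6c75f64f05": "Photominer",
    "fe9787b3d1c40d4cec154511f7725da6": "GenericRXAG-LR",
    "00906a538cafb606847c38797a5d0202": "GenericRXAR-KV",
    "063c1e0167d8d0241d605d17444c849b": "HTML/Phominer.A",
}

# The advisory states that infected pages prompt the visitor to run "Photo.scr".
LURE_PATTERN = re.compile(r"photo\.scr", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    kind: str    # "hash-match" or "lure-reference"
    detail: str


def md5_of_file(path, chunk=1 << 16):
    """Stream a file through MD5 so large files do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def lure_lines(html_text):
    """Return (line_number, stripped_line) pairs that reference Photo.scr."""
    return [(n, line.strip())
            for n, line in enumerate(html_text.splitlines(), 1)
            if LURE_PATTERN.search(line)]


def scan_tree(root, iocs=ADVISORY_MD5S):
    """Walk a directory: flag files whose MD5 is a known sample and HTML pages
    that reference the lure file name."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = md5_of_file(path)
            if digest in iocs:
                findings.append(Finding(path, "hash-match", iocs[digest]))
            if name.lower().endswith((".htm", ".html")):
                with open(path, "r", encoding="utf-8", errors="replace") as f:
                    for n, line in lure_lines(f.read()):
                        findings.append(Finding(path, "lure-reference", f"line {n}: {line}"))
    return findings


# Constructed sample page: the shape of reference a defender would look for,
# not a capture of the real injected code.
CONSTRUCTED_HTML = """<html><body>
<h1>Gallery</h1>
<!-- constructed sample: reference to the lure file named in the advisory -->
<a href="Photo.scr">Photo.scr</a>
</body></html>
"""

# Constructed test file: MD5("hello") is 5d41402abc4b2a76b9719d911017c592.
DEMO_IOCS = dict(ADVISORY_MD5S, **{"5d41402abc4b2a76b9719d911017c592": "constructed-test-sample"})


def build_demo_tree():
    """Create a temporary directory holding the constructed page and test file."""
    root = tempfile.mkdtemp(prefix="photominer-demo-")
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as f:
        f.write(CONSTRUCTED_HTML)
    with open(os.path.join(root, "sample.bin"), "wb") as f:
        f.write(b"hello")
    return root


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    iocs = ADVISORY_MD5S if len(sys.argv) > 1 else DEMO_IOCS
    for finding in scan_tree(root, iocs):
        print(f"{finding.kind:15} {finding.path}: {finding.detail}")
```

Run it with a directory argument to check a real file tree against the advisory's hashes only; without an argument it scans the constructed demo tree. A hash match is high confidence but brittle (any change to the sample produces a different MD5), while a Photo.scr reference in a hosted page is a cheap hint that an FTP-served web root may have been altered and is worth a closer look.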