daveinpoway
Premium Member
join:2006-07-03
Poway, CA


Reveton strikes back...

"A veteran strain of ransomware called Reveton has mutated once again and is now infecting Windows PCs in the United States and abroad by disguising itself as Windows library, or DLL, files, in order to better escape the notice of victims.":

»www.foxnews.com/tech/201 ··· -tricks/

Hackers are very skilled at modifying their creations (not a good thing for the rest of us).
psloss
Premium Member
join:2002-02-24


Weird, 'cause many Reveton variants used DLLs last year. (Of course, most of the write-ups focused on something else.)

(Reveton and other 'FBI/Moneypak' ransomware was popular prior to the Cryptolocker-style of ransomware, holding operation of the system hostage rather than Cryptolocker and copycats holding user data hostage.)

planet
join:2001-11-05
Oz

Member

Wonder if running as limited user would mitigate this type of infection? Does UAC notify before DLLs are run?

StuartMW
Premium Member
join:2000-08-06


said by planet:

Does UAC notify before DLLs are run?

No. UAC only affects processes (.exe etc.). Processes load DLLs.

planet
join:2001-11-05
Oz

Member

said by StuartMW:

processes (.exe etc.). Processes load DLLs.

Basically riding piggyback.

StuartMW
Premium Member
join:2000-08-06


Sort of.

DLL = Dynamic Link Library

They're common code/data that can be shared between processes. If already in memory (i.e. a process already loaded it), it is simply used. If not, it's loaded from HD into memory.

A DLL is not an executable in itself--a process must load it and call any code in it. That can be done automatically (by the OS) or manually by the process itself.
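
Since a DLL runs inside whatever process loads it and no UAC prompt marks the load, one place a defender can see it is module-load logging. The following is an added example, not part of the thread: Python that flags unsigned DLLs loaded from user-writable directories. The record layout (the `Image`, `ImageLoaded` and `Signed` fields of Sysmon Event ID 7, flattened to one line), the directory list and the sample records are assumptions constructed for illustration.

```python
import re

# Assumed list of locations a standard (non-admin) user can write to.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(appdata|downloads|desktop)|programdata|windows\\temp)\\",
    re.IGNORECASE,
)

def parse_event(line):
    """Parse one 'Key: value | Key: value' record into a dict."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields

def suspicious_loads(lines):
    """Return (host process, DLL path) for unsigned DLLs loaded from user-writable paths."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        dll = ev.get("ImageLoaded", "")
        # A missing Signed field is treated as unsigned.
        signed = ev.get("Signed", "false").lower() == "true"
        if dll.lower().endswith(".dll") and not signed and USER_WRITABLE.search(dll):
            hits.append((ev.get("Image", "?"), dll))
    return hits

# Constructed sample records, not real telemetry.
SAMPLE = [
    r"Image: C:\Windows\System32\rundll32.exe | ImageLoaded: C:\Users\alice\AppData\Local\Temp\example1.dll | Signed: false",
    r"Image: C:\Windows\explorer.exe | ImageLoaded: C:\Windows\System32\shell32.dll | Signed: true",
    r"Image: C:\Users\alice\AppData\Local\ExampleApp\app.exe | ImageLoaded: C:\Users\alice\AppData\Local\ExampleApp\helper.dll | Signed: true",
    r"Image: C:\Program Files\ExampleApp\app.exe | ImageLoaded: C:\Program Files\ExampleApp\plugin.dll | Signed: false",
]

if __name__ == "__main__":
    for host, dll in suspicious_loads(SAMPLE):
        print(f"{host} loaded unsigned DLL from user-writable path: {dll}")
```

Only the first sample record is flagged; the signed per-user DLL and the unsigned DLL under Program Files are not, because the rule requires both conditions.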