The Windows version of Crisis, a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec. The installer was actually a Java archive (JAR) file which had been digitally signed by VeriSign.
Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet. The applet identifies the user’s OS, Windows or Mac OS X, and executes the corresponding installer.
“The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device,” Symantec explained in a blog post.
Malware authors are putting significant efforts into making sure that new variants of their Trojan programs are not detected by antivirus products when they are released. Also, the threat is capable of spreading to Windows Mobile devices by dropping modules onto devices connected to compromised Windows computers, but does not affect Android or iPhone devices.
However, the Symantec researchers don’t know what these modules do yet. “We currently do not have copies of these modules and hence we are looking for them so we can analyze them in greater detail,” Katsuki said.
If you are the intended target, it’s very important that you have good security measures.