Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Discussion in 'malware problems & news' started by ronjor, May 12, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    https://blogs.technet.microsoft.com...lvertising-campaign-and-msrt-cleanup-release/
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Last edited: May 12, 2016
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,176
    We had Poweliks at work and the company had Norton installed. It kept telling me I had an infection and it cleared it up. I did some research and found what to look for in Task Manager. I had also told the IT people about it. They were at the same time trying to fix the manager's computer because he was infected. I ended up using ESET's repair program just for Poweliks.
    I then noticed how Kovter stole some of Poweliks' stuff. That IT company was fired and we got a new one. They only installed the free version of Malwarebytes and said that is all we needed. I am not so sure how good they are either.
    Yesterday I was looking at the Malwarebytes quarantine tab and noticed Trojan.Kovter listed.
    So somehow they both managed to get on our work systems.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Below is my Eset HIPS rule I use to monitor for it:

    Powerlike_1.png

    Powerlike_2.png
     
    Last edited: Jun 4, 2016
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,176
    I was told by IT I cannot install any other security programs. As far as my home, I am sure I am covered.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
  7. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,176
    I should have added, the first thing I did when I was seeing Norton's warnings was install Malwarebytes and do a full scan for Poweliks.

    It did not find anything, and so I wonder how long we had this infection before Malwarebytes caught it?
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,176
    Since we didn't notice any ransomware requests, it must have been stopped beforehand. I am hoping. I did run Norton's removal tool and found no infection.
     