ExtraTorrent.cc - The Largest BitTorrent System


New Malware ALERT


YoGi avatar
Posted: Mon Mar 30, 2015 13:24
Author: Admin
Parite.CBR a polymorphic virus which infects all portable EXE files



Description

The Dell Sonicwall Threats Research team observed reports of a Parite bot family named GAV: Parite.CBR actively spreading in the wild. This is the new variant of the popular Parite, which is a polymorphic file-infecting virus that infects all portable EXE files found on local and shared network drives.

When Parite runs on a system, it drops a dynamic link library (DLL) to the Windows Temp directory; after that, the malware injects the DLL into the Explorer.exe process and infects all executable files on the target machine.

image001.png

Infection Cycle:

Md5: 8d5d796b04a39a81c5bb1a012416b7f9

The malware uses the following icons:


image002.png

The malware adds the following files to the system:

%Userprofile%\Local Settings\Temp\dyg3AC.tmp
MD5: 685F1CBD4AF30A1D0C25F252D399A666

C:\WINDOWS\Temp\tvg3AD.tmp
MD5: 685F1CBD4AF30A1D0C25F252D399A666

%Userprofile%\Local Settings\Temp\Hx3B.tmp
MD5: 9E7370CC3D6A43942433F85D0E2BBDD8

%Userprofile%\Local Settings\Temp\tmpD9.tmp
MD5: CABDA69821AA1D94A9B05C24224961A3

C:\WINDOWS\wigweu.exe [ Service ]

The malware adds the following [random name] keys to the Windows registry [as a service] to ensure persistence upon reboot:

image003.png

image004.png

The malware uses the injected Explorer.exe to infect all portable EXE files found on local and shared network drives, and after some time it terminates and deletes its own process. Here is an example of an infected file:

image005.png
image006.png
image007.png

Parite tries to enumerate open SMB ports on the LAN. When an SMB service is identified, the malware attempts to log in with user names and passwords from a predefined list, which contains the following:

image008.png

If the malware successfully guesses the remote access credentials of an SMB system, it installs a copy of the malware to the target network share, such as the following files:


image009.png

Command and Control (C&C) Traffic

Parite carries out its C&C communication over ports 80, 445 and 8080. It sends requests to statically defined IPs/domains on a regular basis.


image010.png

The malware sends SMB requests on the LAN to guess the remote access credentials of the target system. Here is an example:


image011.png

Parite uses Tor anonymity networks to carry out communication between victims and attackers, keeping it away from security researchers and government enforcement officials.


image012.png

SOURCE
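An added example, not part of the original post or the SonicWall write-up: a small sweep that hashes .tmp and .exe files in the drop locations listed above and reports any whose MD5 matches a value from the post. The function names and labels are this example's own. Because the virus is polymorphic, hash matching covers only the dropped files the post lists, not infected executables.

```python
import hashlib
import os

# MD5 values copied from the post above, lowercased; labels are this example's own.
PARITE_CBR_MD5 = {
    "8d5d796b04a39a81c5bb1a012416b7f9": "MD5 listed under Infection Cycle",
    "685f1cbd4af30a1d0c25f252d399a666": "dyg3AC.tmp / tvg3AD.tmp",
    "9e7370cc3d6a43942433f85d0e2bbdd8": "Hx3B.tmp",
    "cabda69821aa1d94a9b05c24224961a3": "tmpD9.tmp",
}

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large executables do not load into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep(roots, iocs=PARITE_CBR_MD5, extensions=(".tmp", ".exe")):
    """Return (path, md5, label) for every file under roots whose MD5 is in iocs."""
    hits = []
    for root in roots:
        if not os.path.isdir(root):
            continue  # directory absent on this host
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(extensions):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    digest = md5_of(path)
                except OSError:
                    continue  # locked or unreadable file: skip, do not abort
                if digest in iocs:
                    hits.append((path, digest, iocs[digest]))
    return hits

def default_roots():
    """Drop locations named in the post, resolved for the current user."""
    profile = os.environ.get("USERPROFILE", "")
    return [os.path.join(profile, "Local Settings", "Temp"), r"C:\WINDOWS\Temp"]

if __name__ == "__main__":
    for path, digest, label in sweep(default_roots()):
        print(f"MATCH {label}: {path} ({digest})")
```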
Deztructor avatar
Posted: Mon Mar 30, 2015 13:56
Author: Site FriendET lovermen
Thanks for the info Yogi, can you suggest me some good antivirus?
YoGi avatar
Posted: Mon Mar 30, 2015 14:13
Author: Admin
At the moment, I'm NOT using an anti-virus as Windows 8 / 8.1 has MSE (Microsoft Security Essentials) pre-installed and part of the operating system. (I don't use this machine for any sort of testing!) Windows Defender got a facelift and incorporated Microsoft's lite and NON intrusive anti-virus software.

Yes, being free it is vulnerable to MOST newly created scripts, but depending on what you're doing, this should be more than enough to keep your machine virus free.

There are many factors to take into consideration.

1. Are you worried about drive-by intrusions/infections?
2. What sort of user-activity do you have to be worried about, and in turn be protected from?
3. Do you have the habit of sandboxing your sessions whilst browsing?
4. Are cookies/JavaScript and Flash enabled in your browser?
5. Do you use Malwarebytes?
6. Do you have a clean backup copy of your system files or System Restore enabled to access “Shadow Copies” in case of infection?
7. If you're a POWER USER and debug/test/decrypt software, then you're on the wrong Operating System !
sumi avatar
Posted: Mon Mar 30, 2015 23:10
Author: Trusted UploaderSite FriendET lover
It's very good to know, understand and be more aware and take better caution. Thank you for posting this.
