OzoneRAT
Posted: October 27, 2016
Threat Metric
The fields shown on the Threat Meter are defined as follows:
Threat Level: A scale from 1 (lowest severity) to 10 (highest). Each level is derived from the threat's consistently observed behaviors, as assessed by SpyHunter's risk assessment model.
Detection Count: The total number of confirmed and suspected cases of the threat, calculated from infected PCs reported in SpyHunter's diagnostic and scan logs.
Volume Count: Like the detection count, but based on the number of confirmed and suspected infections seen per day. A high volume count usually indicates a currently popular threat, whether or not it has infected many systems overall; conversely, a threat with a high detection count can lie dormant and show a low volume count.
Trend Path: An up arrow, down arrow or equal sign representing the threat's recent movement: an increase, a decline, or no change.
% Impact (Last 7 Days): The change, over a 7-day period, in how frequently the threat is seen infecting PCs. The percentage corresponds directly to the current Trend Path, indicating a rise or decline.
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 83 |
| First Seen | May 7, 2013 |
| OS(es) Affected | Windows |
OzoneRAT is a Remote Access Trojan (RAT) that can hijack your Web browser, redirecting you to attacker-controlled websites or intercepting personal information, and that gives its operator other means of controlling the PC. Like other RATs, OzoneRAT is designed to persist on the system without visible evidence, although its installation typically requires the victim's participation, such as opening an e-mail attachment. Treat an infection by letting your anti-malware software remove OzoneRAT immediately.
A Whiff of the Wrong Website in the Air
Even flexible and advanced Trojans usually rely on very conventional means of getting installed, and often on unintended help from their victims. OzoneRAT is marketed as a remote administration tool, complete with a license agreement that disclaims malicious use, yet malware experts already see at least one campaign installing it through spam e-mail. That campaign uses a fake television bill with an embedded JavaScript downloader: running the script installs OzoneRAT along with a series of other, invariably harmful changes.
Among the first changes made to the infected PC is the installation of a fraudulent SSL certificate, presumably so that the attacker can intercept or spoof HTTPS traffic without triggering the browser's certificate warnings. OzoneRAT also pushes a Tor-based proxy configuration into Internet Explorer, Firefox and Chrome, routing the victim's browsing through infrastructure the attacker controls. Together these enable Man-in-the-Middle and Man-in-the-Browser attacks that can redirect you from a safe domain to a visually similar malicious one, for example from a bank login to a phishing site.
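As an added example (not code from the original article or from the OzoneRAT authors), the PowerShell below audits the two footholds just described on a Windows host: the certificate trust stores, and the proxy settings of Internet Explorer (which Chrome follows by default on Windows) and Firefox. The 30-day recency window, the loopback Tor SOCKS ports (9050 and 9150 are Tor's defaults, but the page does not say which port the RAT uses) and the decision to treat user-only root certificates as suspicious are the author's assumptions, not statements from the page.

```powershell
# Added example, not part of the original article. Audits a Windows host for the two
# footholds described above: a rogue trusted root certificate and a browser proxy that
# points at a local Tor-style SOCKS listener. Heuristic values are assumptions.

function Get-SuspiciousRootCerts {
    param([int]$RecentDays = 30)   # assumption: a root added this recently deserves review
    $cutoff = (Get-Date).AddDays(-$RecentDays)

    # LocalMachine\Root is fed by the Windows root program and Group Policy (admin rights
    # needed). CurrentUser\Root is a per-user view that layers user-specific additions on
    # top of the machine store, and a process in the victim's session can write to it
    # without elevation. A root present only in the user view was added by something
    # running as that user; on a healthy system the difference set is empty.
    $machine = @{}
    Get-ChildItem 'Cert:\LocalMachine\Root' -ErrorAction SilentlyContinue |
        ForEach-Object { $machine[$_.Thumbprint] = $true }

    Get-ChildItem 'Cert:\LocalMachine\Root' -ErrorAction SilentlyContinue |
        Where-Object { $_.NotBefore -gt $cutoff } |
        ForEach-Object {
            [pscustomobject]@{ Store = 'LocalMachine\Root'; Reason = 'recently issued'
                               Subject = $_.Subject; Thumbprint = $_.Thumbprint
                               NotBefore = $_.NotBefore; NotAfter = $_.NotAfter }
        }

    Get-ChildItem 'Cert:\CurrentUser\Root' -ErrorAction SilentlyContinue |
        Where-Object { -not $machine.ContainsKey($_.Thumbprint) } |
        ForEach-Object {
            [pscustomobject]@{ Store = 'CurrentUser\Root'; Reason = 'user-only root'
                               Subject = $_.Subject; Thumbprint = $_.Thumbprint
                               NotBefore = $_.NotBefore; NotAfter = $_.NotAfter }
        }
}

function Get-BrowserProxySettings {
    param([int[]]$TorPorts = @(9050, 9150))   # Tor's default SOCKS ports; assumption

    # WinINET settings drive Internet Explorer and, by default, Chrome on Windows.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $loopbackTor = $false
    foreach ($p in $TorPorts) {
        if ($inet.ProxyServer -match "(127\.0\.0\.1|localhost):$p(\b|$)") { $loopbackTor = $true }
    }
    [pscustomobject]@{
        Browser       = 'Internet Explorer / Chrome (system proxy)'
        Source        = 'HKCU:\...\Internet Settings'
        ProxyEnabled  = [bool]$inet.ProxyEnable
        ProxyServer   = $inet.ProxyServer
        AutoConfigURL = $inet.AutoConfigURL   # PAC files are legitimate in enterprises; review manually
        Suspicious    = $loopbackTor
    }

    # Firefox keeps its own proxy settings in prefs.js; user.js (rarely present) overrides it.
    $prefFiles = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js",
                               "$env:APPDATA\Mozilla\Firefox\Profiles\*\user.js" -ErrorAction SilentlyContinue
    foreach ($f in $prefFiles) {
        $prefs = @{}
        Select-String -Path $f.FullName -Pattern '^user_pref\("(network\.proxy\.[^"]+)",\s*(.+)\);' |
            ForEach-Object { $prefs[$_.Matches[0].Groups[1].Value] = $_.Matches[0].Groups[2].Value.Trim('"') }
        if ($prefs.Count -gt 0) {
            $manual    = ($prefs['network.proxy.type'] -eq '1')   # 1 = manual proxy configuration
            $socksPort = [int]($prefs['network.proxy.socks_port'] -as [int])
            [pscustomobject]@{
                Browser       = 'Firefox'
                Source        = $f.FullName
                ProxyEnabled  = $manual
                ProxyServer   = "$($prefs['network.proxy.socks']):$($prefs['network.proxy.socks_port'])"
                AutoConfigURL = $prefs['network.proxy.autoconfig_url']
                Suspicious    = $manual -and ($TorPorts -contains $socksPort)
            }
        }
    }
}

Get-SuspiciousRootCerts   | Format-Table -AutoSize
Get-BrowserProxySettings  | Format-Table -AutoSize
```

A Chrome instance launched from a modified shortcut with `--proxy-server=` bypasses the system proxy and would not show up here, so shortcut arguments are worth checking separately. Any root certificate the script flags should be confirmed against the vendor's published thumbprint before it is removed, since a false positive here breaks TLS for the whole machine.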
This initial, front-loaded payload must download an additional module before OzoneRAT can carry out its more significant attacks; the module is loaded through DLL injection. Beyond granting a remote attacker broad access to the PC and control over its UI and settings, OzoneRAT has a semi-unique control feature: it can create a second, hidden Windows desktop. The attacker works on this second desktop while the victim sees only the normal one, which lets the attacker operate the machine interactively instead of through a stream of cumbersome remote commands.
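The hidden second desktop is visible to the operating system even when it is invisible to the user. The PowerShell below, an added example that is not code from the original article or from OzoneRAT, enumerates every desktop attached to the current window station through the Win32 `EnumDesktops` API and flags any name outside the stock set. The list of expected names (`Default`, `Winlogon`, `Disconnect`, `Screen-saver`) is the author's assumption about an ordinary Windows session.

```powershell
# Added example, not part of the original article. Lists the desktops attached to the
# current window station so that an extra, hidden desktop of the kind described above
# stands out. The set of expected names is an assumption based on stock Windows.

Add-Type -Namespace Win32 -Name Desktop -MemberDefinition @'
public delegate bool EnumDesktopProc(string lpszDesktop, IntPtr lParam);

[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetProcessWindowStation();

[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool EnumDesktops(IntPtr hwinsta, EnumDesktopProc lpEnumFunc, IntPtr lParam);
'@

function Get-DesktopNames {
    $names = New-Object System.Collections.Generic.List[string]
    # The callback is invoked synchronously inside EnumDesktops; GetNewClosure pins $names.
    $cb = { param([string]$name, [IntPtr]$lParam) $names.Add($name); return $true }.GetNewClosure()
    $callback = [Win32.Desktop+EnumDesktopProc]$cb
    $winsta = [Win32.Desktop]::GetProcessWindowStation()
    if (-not [Win32.Desktop]::EnumDesktops($winsta, $callback, [IntPtr]::Zero)) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "EnumDesktops failed, Win32 error $err"
    }
    return $names
}

function Find-UnexpectedDesktops {
    # assumption: these are the only desktop names a stock interactive session creates
    param([string[]]$Expected = @('Default', 'Winlogon', 'Disconnect', 'Screen-saver'))
    foreach ($d in Get-DesktopNames) {
        [pscustomobject]@{ Desktop = $d; Expected = ($Expected -contains $d) }
    }
}

Find-UnexpectedDesktops | Format-Table -AutoSize
```

Desktop names are unique within a window station, so a RAT cannot hide behind a second `Default`; it has to pick another name. The check is point-in-time, however: a desktop exists only while some process holds a handle to it, so run the enumeration while the suspected session is active, and treat a hit as a lead to the owning process rather than as proof on its own, since legitimate software (some password managers and screen-capture tools) also creates private desktops.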
Taking the Toxicity out of Your PC's Atmosphere
OzoneRAT's sheer breadth of capability makes it difficult to detect and isolate. It uses encrypted, anonymized network communications, can install other threats or disable security features through nothing more than the Windows UI, and shows no overt symptoms unless the remote attacker chooses to cause them. A watchful victim may still notice its footprint in closely monitored system resources, such as RAM.
OzoneRAT is most exposed to detection during installation, for example in the e-mail spam attacks described above. Malware experts find that these attacks are currently restricted to German-speaking PC owners, although OzoneRAT's business model of renting access to third parties makes it likely to spread elsewhere soon. Remember that legitimate invoices and other billing documents are not sent as Word attachments that carry embedded scripts or macros.
Besides guarding against these infection vectors, you can always use anti-malware products to delete OzoneRAT before its operators gain deeper control over your PC and block attempts to remove it.
Technical Details
File System Modifications
The following files were created on the system:

| File name | Size | MD5 | Detection count | Last updated |
|---|---|---|---|---|
| file.exe | 832.51 KB (832512 bytes) | da2b37ed0761698b36018fe3b30170d8 | 73 | |
| file.exe | 535.16 KB (535160 bytes) | 199fc3fdc3bd77d7f0c04232b15a3b12 | 72 | October 25, 2016 |
| file.exe | 906.75 KB (906752 bytes) | 5b47d516fe9ecb7bc1d3eb6d4631e274 | 62 | October 25, 2016 |
| file.exe | 534.64 KB (534648 bytes) | 1d6510c0503e6702cde6fa6c3375711c | 57 | October 25, 2016 |
| file.exe | 283.13 KB (283131 bytes) | c00ca3114f32f880ee0d712a20d07b3d | 6 | |

All five entries are Windows executables (MIME type unknown/exe) classified as malware files.
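The five samples above share a generic file name, so the size and MD5 are the only usable indicators. The PowerShell below is an added example (not code from the original article) that sweeps a directory tree for them, filtering on exact byte size first so that only a handful of candidates are ever hashed. The sweep roots are the author's assumption; the hashes and sizes are copied from the table.

```powershell
# Added example, not part of the original article. Sweeps directory trees for the five
# file.exe samples listed above. Matching on exact size before hashing keeps the sweep
# cheap; only files whose length equals one of the known sizes are read.

$OzoneRatSamples = @{
    # MD5 (lower-case)                  = size in bytes, both from the table above
    'da2b37ed0761698b36018fe3b30170d8' = 832512
    '199fc3fdc3bd77d7f0c04232b15a3b12' = 535160
    '5b47d516fe9ecb7bc1d3eb6d4631e274' = 906752
    '1d6510c0503e6702cde6fa6c3375711c' = 534648
    'c00ca3114f32f880ee0d712a20d07b3d' = 283131
}

function Find-OzoneRatSamples {
    param(
        # assumption: user profile, ProgramData and TEMP are where a user-level dropper lands
        [string[]]$Root = @("$env:USERPROFILE", "$env:ProgramData", "$env:TEMP"),
        [hashtable]$Samples = $OzoneRatSamples
    )
    $sizes = @($Samples.Values)
    Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $sizes -contains $_.Length } |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
            if ($h -and $Samples.ContainsKey($h.Hash.ToLower())) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Size      = $_.Length
                    MD5       = $h.Hash.ToLower()
                    LastWrite = $_.LastWriteTime
                }
            }
        }
}

Find-OzoneRatSamples | Format-Table -AutoSize
```

A hash match identifies one of these exact builds and nothing else: a repacked or recompiled sample has a different MD5 and size and passes this sweep untouched, so use the result for triage and rely on the behavioral indicators described above (rogue root certificate, browser proxy changes, extra desktop) for coverage of builds not listed here.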