UPDATE–Researchers have discovered a variant of the CryptoWall ransomware that has a valid digital signature and is being distributed through malicious ads on several top-ranked Alexa Web sites.
CryptoWall is one of the more successful ransomware strains in recent memory, with researchers estimating last month that the malware had grossed more than $1 million for its creators. The ransomware typically is spread through a couple of vectors, one of which is exploit kits that attack browser vulnerabilities. The other is through spam campaigns that include malicious attachments. This most-recent campaign involves a series of popular sites that are serving malicious ads that infect machines with CryptoWall.
“Upon successful compromise, an instance of CryptoWall ransomware is installed on the victim’s system. The particular instance delivered via tonight’s campaign has a valid digital signature and appears to have been signed just hours before its distribution,” Paul Royal of Barracuda Labs said in an analysis of the new variant.
The new CryptoWall variant is signed with a certificate issued by Comodo and includes a timestamp that shows that it was signed on Sunday, shortly before Barracuda Labs discovered it.
This story was updated on Oct. 3 to reflect that the malware is signed by a certificate from Comodo.