Ramnit keeps coming back
Using social engineering attacks or phishing email campaign, payload file can be delivered to users. Upon launching the file, it executes VBScript & drops the malicious executable “svchost.exe” that replicates & injects itself into the system files & processes. Later it opens a back door and connect to a C&C server to steal information from the compromised computer.
SonicWALL Threat Lab provides protection against this threat via the following signature: