VBS_CRIGENT.LK
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 3,827 |
| Threat Level: | 10 % (Normal) |
| Infected Computers: | 1,193 |
| First Seen: | April 10, 2014 |
| Last Seen: | September 9, 2023 |
| OS(es) Affected: | Windows |
VBS_CRIGENT.LK is a threat based on Windows PowerShell scripts, which makes VBS_CRIGENT.LK particularly sophisticated and difficult to deal with. Threats that use the Windows PowerShell scripts in an attempt to circumvent detection have started to increase in popularity, with VBS_CRIGENT.LK been just an example of these types of attacks. PowerShell scripts are used legitimately for automating certain tasks and making the Windows 7 administration easier than normal. There are also older versions of this feature available in an additional package for Windows XP. It is important to note that abusing these types of scripts is not a new feature and that cybercrooks have used it to try to carry out certain primitive attacks. However, persons with more sophisticated resources at their disposal have started to take advantage of this feature to produce more complex threats such as VBS_CRIGENT.LK.
The Modus Operandi of VBS_CRIGENT.LK and Similar Threats
Detected often simply as 'Backdoor.Trojans,' threats like VBS_CRIGENT.LK use complex obfuscation and inject its threatening code into running memory processes in order to permit third parties to obtain access to the infected computer. The VBS_CRIGENT.LK script executes threatening code and injects it into the rundll32 system memory process, making its detection much more difficult than normal. This threatening code connects to a remote server and receives instructions, which it can then execute without being detected. VBS_CRIGENT.LK can be known as CRIGENT or as Power Worm. Typically, VBS_CRIGENT.LK is distributed using threatening DOC or XLS files that are distributed using social engineering tactics or other threats.
VBS_CRIGENT.LK uses PowerShell scripts to infect DOC and XLS files on the infected computer, infecting them with VBS_CRIGENT.LK's threatening code in a way similar to the way worms can spread. The VBS_CRIGENT.LK attack combines Tor, PowerShell and Cloud in a way that is quite complex. This has prompted PC security researchers to suggest PC users to take measures to safeguard their computers from threatening PowerShell scripts. This may be done by avoiding unknown scripts and by altering PowerShell's default execution settings to ensure that it will not execute scripts automatically or allow scripts to gain threatening levels of access.
URLs
VBS_CRIGENT.LK may call the following URLs:
| hfindmyobituaries.com |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.