0x01 background

The Ramnit virus was first discovered in 2010 and spreads by infecting executable and html files.The ability to communicate with the C&C was added in subsequent variants, allowing attackers to take control of Ramnit-infected botnets.

Ramnit worm spreads through infected EXE, DLL, HTML, HTM files. Opening these infected files on a normal computer will cause newInfection occurs.At the same time, the Ramnit worm virus can also spread worm-like by accessing web pages through browsers, writing to U disk mobile hard disks, and creating U disk self-starting methods.As a result, the virus once caused severe infections around the world, with more than 3.2 million global infections at its peak.

Ramnit is an infectious virus with the largest number of unknown users and the widest impact so far, accounting for more than 20% of the Trojans in the trust zone.And this virus is also one of the most troublesome viruses for users. According to our statistics, since 2010, feedback about the uncleanness of the Ramnit virus has persisted in various security forums.

<