I'm caught up this week in a lengthy internal meeting, and next week with Virus Bulletin in Dallas, but I couldn't resist a quick follow-up to the Gaelic ransomware posts here and here. The indefatigable Kafeine (heartfelt hat tip!) has laid his hands on another copy of the scam message, and this time it does come complete with Irish flag (and, to my eye, much the same social engineering).
(Click on the image to get it full size.)
The malware is currently detected by 9/41 vendors, according to VirusTotal, and the hash is 1946d4508691a113651a4ef202ba15fe.
If you'd like to get some information on this particular branch of the graphic design cottage industry, complete with a nice range of other designs in a range of languages (including English), you might want to check out Kafeine's post here (and Malekal's - in French - on Ransomware « Trojan.Casier » Panel). I must admit that the post appeals immensely to my inner philatelist, as well as providing me with some interesting info on an aspect of this type of malware that I hadn't really looked at before.
There's also an example of a particularly fine miscommunication between designer and scammer: a design in Iranian targeting Irish speakers. Now there's an Irish joke worth a shot or two of uisce beatha. Unless they know something about the ethnic makeup of the Irish population that I don't.
Meanwhile, I look forward to the first design in Welsh. Iechyd da!
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
