Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

Suspected of ransomware through Fiddler

I have 10 computers running freshly installed Windows 7 (SMB 1.0 protocol disabled). Only the ones having Fiddler installed are infected with ransomware (encrypting the files for a BTC ransom with email: drakoshka@yahoo.com).
The first attack happened few weeks ago and yesterday again. The only external software other than Windows installed on the infected machines is Fiddler.
Please check your environment in any case, you may be infected somehow.

  • ali veli
  • Sep 29 2017
  • Under review
Bug
  • Attach files
  • ali veli commented
    29 Sep, 2017 05:59pm

    @Eric Lawrence: The ransomware just infected the machines with Fiddler installed. That's why I warned you.
    I can't say 100% it comes with Fiddler but If you're using some external component or installer keep that in mind.

     
  • Eric Lawrence commented
    29 Sep, 2017 05:18pm

    > "The only external software other than Windows installed on the infected machines is Fiddler"

    You mean, the only external software on the infected machines is "Fiddler, and of course the ransomware itself."

    In the vast vast majority of cases, ransomware infections originate from web browsers, where malicious advertisements trigger ransomware downloads.