HackDig : Dig high-quality web security articles for hacker

New Malicious Macro Evasion Tactics Exposed in URSNIF Spam Mail

by John Anthony Bañes Malicious macros are commonly used to deliver malware payloads to victims, usually by coercing victims into enabling the macro sent via spam email. The macro then executes a PowerShell script to download ransomware or some other malware. Just this September, EMOTET, an older banking malware, leveraged this method in a campaign that saw i
Publish At:2017-10-21 18:05 | Read:2637 | Comments:0 | Tags:Malware macro sandbox Spam

Mouseover PowerPoint attack exploited to deliver the Gootkit Trojan

Experts at Trend Micro observed a spam campaign leveraging the PowerPoint ‘Mouseover’ attack to deliver the Gootkit banking Trojan. Earlier this week, the security expert Ruben Daniel Dodge published an interesting post on a new technique to deliver malware through PowerPoint files by leveraging mouseover events. Now experts at Trend Micro reveal
Publish At:2017-06-10 06:00 | Read:3253 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware banking trojan Goo

Threat Recap: Week of March 21st

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week. Microsoft Addresses Macro Malware Issue With macros being a major vulnerability point in Microsoft Office software, the 2016 version of th
Publish At:2016-03-25 15:30 | Read:3418 | Comments:0 | Tags:Threat Research Breach cybersecurity DDOS healthcare breach

A new Dridex campaign targeted British businesses

Security experts at the IBM X-Force team discovered a new hacking campaign based on the infamous Dridex trojan: a new wave of attacks targeting British businesses. The malware has targeted rich UK bank accounts in a new campaign that is operated by threat
Publish At:2016-01-21 23:45 | Read:3993 | Comments:0 | Tags:Breaking News Cyber Crime Malware banking Cybercrime Dridex

Beware of DOC! A look on malicious macros

Some malware families often use spam campaigns as a method of distribution. Usually they deploy simple social engineering tricks, trying to deliver a packed executable disguised as a document, e.g. a PDF (as we mentioned before). Such a trick may fool some users; more advanced ones, however, will notice that the real extension of the file is .exe
Publish At:2015-10-23 08:50 | Read:3116 | Comments:0 | Tags:Malware Analysis dridex macro spam

Macro Threats and Ransomware Make Their Mark: A Midyear Look at the Email Landscape

Email can be considered a big business—for cybercrime. In 2014, 196.3 billion emails were sent and received daily. Of that number, 108.7 billion were business emails. With the volume of business emails sent daily, it would be unimaginable for cybercriminals not to take advantage of email to target big businesses. And those attempts can result in million-doll
Publish At:2015-09-01 00:30 | Read:2964 | Comments:0 | Tags:Spam 1H 2015 spam roundup email email roundup macro spam rou

A new variant of Bartalex used to serve Dyre and Pony Trojans

Researchers have spotted a new strain of the Bartalex macro-based malware that is used to drop the Pony loader malware and the popular Dyre banking Trojan. Bartalex is a macro-based malware that was first discovered earlier this year; security researchers have now spotted a new strain of this malicious code dropping the Pony loade
Publish At:2015-07-23 07:00 | Read:3656 | Comments:0 | Tags:Cyber Crime Malware Security Bartalex Dyre macro malware Pon

Deobfuscating Malicious VBA Macro with a Few Lines of Python

Just a quick post about a problem that security analysts are facing daily… For a while now, malicious Office documents have been delivered with OLE objects containing VBA macros. Bad guys are always using obfuscation techniques to make the analysis more difficult and (try to) bypass basic filters. This makes the analysis not impossible but boring and time consum
Publish At:2015-06-09 21:00 | Read:2662 | Comments:0 | Tags:Malware Security Macro Python VBA

Dyre Botnet Using Malicious Microsoft Word Macros

The Dyre group, a major malware spam producer, has changed their initial malware dropper to utilize Microsoft Word document macros instead of the usual executable types, such as .exe files contained in a .zip. Dyre’s Hedsen spambot, responsible for the bulk of Upatre emails we’ve been tracking, now uses a template to send infected-macro Word files as s
Publish At:2015-06-09 06:40 | Read:3854 | Comments:0 | Tags:Featured ThreatTrack Security Labs botnet Dyre macro microso

Malicious MS Word Document not Detected by AV Software

[This blogpost has also been published as a guest diary on isc.sans.org] Like everybody, I’m receiving a lot of spam every day but… I like it! All unsolicited received messages are stored in a dedicated folder for two purposes: an automatic processing via my tool mime2vt, and a manual review at regular intervals. This helps me to find new types of spam
Publish At:2015-04-07 23:55 | Read:5288 | Comments:0 | Tags:Malware Security Macro VBA Word

Malicious Word Macro Caught Using Sneaky Trick

There has been a slew of malicious Word documents attached to email purporting to be invoices, receipts, etc. This particular one caught my eye but I’m not sure if this is an old trick. I just haven’t seen this method used before and thought it was quite clever. Here’s the email that had a zipped file attached. The zipped file contained
Publish At:2015-03-07 07:00 | Read:2980 | Comments:0 | Tags:Malicious Email Malscript email invoice macro malware vba vb

A new strain of banking trojan VAWTRAK uses Macros and abuses Windows PowerShell

Security experts at Trend Micro observed significant improvements in the VAWTRAK banking trojan, which couples the use of malicious macros with Windows PowerShell. In early 2015 the Microsoft Malware Protection Center (MMPC) issued an alert about a surge in infections by malware using macros to spread its malicious code. The experts MMPC
Publish At:2015-02-25 12:00 | Read:2663 | Comments:0 | Tags:Breaking News Cyber Crime Malware banking trojan Cybercrime

Notorious Malware Improvements and Enhancements of 2014

2014 was a year that was marked with numerous changes in the threat landscape. We saw a lot of improvements in existing malware, either with new evasion techniques or versions. We even saw some old techniques and attacks resurface in the landscape. Evasion Tactics We are seeing more malware incorporate Tor in their routines as a method of evasion. We have se
Publish At:2015-02-23 16:25 | Read:3463 | Comments:0 | Tags:Malware 2014 64-bit malware crypto-ransomware iOS Mac OS mac

Banking Malware VAWTRAK Now Uses Malicious Macros, Abuses Windows PowerShell

Last year we saw how the Windows PowerShell® command shell was involved in spreading ROVNIX via malicious macro downloaders. Though the attack seen in November did not directly abuse the PowerShell feature, we’re now seeing the banking malware VAWTRAK abuse this Windows feature, while also employing malicious macros in Microsoft Word. The banking malwa
Publish At:2015-02-20 09:40 | Read:2935 | Comments:0 | Tags:Malware banking malware macro Spam VAWTRAK Windows Powershel

Spam campaign relies on macros embedded in empty Word documents

Experts at Bitdefender have discovered a spam campaign that tricks antispam filters by relying on macros in empty Word documents. Security experts at Bitdefender observed a new tactic adopted by spammers, who rely on emails with an empty Word document in the attachment to bypass anti-spam filters. The social engineering strate
Publish At:2015-01-29 05:45 | Read:3545 | Comments:0 | Tags:Cyber Crime Malware Security BitDefender Cybercrime macro Mi
