Malware Traders Switch To Less Suspicious File Types

Uploaded on 2017-02-20 in TECHNOLOGY--Resilience, NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.

Recently, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.

PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.

In the recent campaign seen by Microsoft, the malicious LNK files contained a PowerShell script that downloaded and installed the Kovter click fraud Trojan. The same technique has been used in the past to distribute the Locky ransomware.

Recently researchers from Intel Security warned that PowerShell can also be used in so-called fileless attacks, where the malicious code is launched directly into memory and nothing is saved to disk for endpoint security products to detect.

"You may think that you are protected from fileless malware because your PowerShell execution policies are set to 'Restricted' so that scripts can’t run," the Intel Security researchers said in a blog post. "However, attackers can easily bypass these policies."

Another file type used to distribute malware in recent months has been SVG (Scalable Vector Graphics). While many people correctly associate .SVG files with images, it's a little-known fact that such files can actually contain JavaScript.

Attackers have been using SVG files to execute obfuscated JavaScript when users open what they believe to be images inside their browsers. These obfuscated scripts are used to launch malicious file downloads, incident responders from the SANS Internet Storm Center warned in a recent report.

Google plans to block JavaScript file attachments in Gmail from February 13th, regardless of whether they're attached directly or within archive files like ZIP. Such restrictions from email providers will likely force cybercriminals to find alternative file formats that allow hiding malicious code.

Banning LNK or JS file attachments is easy, because it's rare for people to send such files via email. However, banning SVG might prove impractical since it's a widely used image format.

Computerworld

‘Magic’ Ransomware Is Based On Open-Source Code:          Ransom Worm: The Next Level Of Cybersecurity:

 

« Does Russia’s Election Meddling Break International Law?
Police Using IoT To Detect Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

Panaseer

Panaseer

The Panaseer Security Data Lake is a big data analytics software platform providing joined-up visibility of business risk from cyber.

Openminded (OPMD)

Openminded (OPMD)

Openminded is a French security and network services company.

KPN

KPN

KPN is a leading supplier of ICT services including Cyber Security, Identity & Privacy, Secure Communications and Business Continuity.

XignSYS

XignSYS

XignSys develops innovative password-free and user-friendly Authentication solutions and electronic signature systems for B2B and B2C applications.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

Connectria

Connectria

Connectria provides cloud hosting, remote monitoring, and compliant cloud security solutions and services to enterprises, medium and small businesses.

Gordian Networks

Gordian Networks

Gordian Networks offers complete managed IT services and IT support for small to large businesses.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Crowe

Crowe

Crowe is a public accounting, consulting, and technology firm that combines deep industry and specialized expertise with innovation.

Alpha Omega Integration

Alpha Omega Integration

Alpha Omega creates new possibilities through intelligent end-to-end mission-focused government IT solutions.