An article from IBM Security about macro malware is one of our favorites from the last couple of weeks. It covers some of the attack vector’s history and provides tips for how to detect this kind of malicious activity. A new Mirai variant is targeting routers, among other devices. A tool for rotating your source IP address is also included.

For more articles, check out our #onpatrol4malware blog.

How to Fight Back Against Macro Malware 

Source: SecurityIntelligence (IBM)

But all too often, malicious payloads are served up via macros in productivity files, accounting for much of the overall malware delivery around the world. Why macro malware? Read more.

Directed attacks against MySQL servers deliver ransomware

Source: Sophos

Someone is attacking internet-facing Windows database servers with GandCrab ransomware. […] using SQL database commands […] to retrieve a GandCrab payload hosted on an IP address in Quebec, Canada. Read more.

Malspam Campaigns Use HawkEye Keylogger to Target Businesses

Source: Bleeping Computer

Attackers have been observed targeting businesses on a worldwide scale during the last two months with the HawkEye keylogger malware according to a report from IBM X-Force. Read more.

New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices 

Source: TrendMicro

We discovered a new variant of Mirai (detected as Backdoor.Linux.MIRAI.VWIPT) that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. Read more.

How to rotate your source IP address  

Source: Black Hills Information Security

One of the ways to bypass IP filtering is to use rotating source IPs. ProxyCannon is an amazing tool for automatically routing your traffic through multiple cloud servers to diversify the source IP addresses of your traffic. Read more.

Let adware be treated as malware, Canuck boffins declare after breaking open Wajam ad injector

Source: The Register

The technology industry has numerous terms for sneaky software, including malware, adware, spyware, ransomware, and the ever adorable PUPs – potentially unwanted programs. Read more.

Slack Bug Allows Remote File Hijacking, Malware Injection

Source: Threatpost

A remotely exploitable vulnerability in the Windows desktop app version of the Slack collaboration platform has been uncovered. Read more.

Xwo, the malware that scans the Internet for vulnerabilities

Source: Panda Security

Xwo, a new piece of malware discovered by AT&T’s Alien Labs, searches the Internet for possible vulnerabilities. Read more.