An article from IBM Security about macro malware is one of our favorites from the last couple of weeks. It covers some of the attack vector’s history and provides tips for how to detect this kind of malicious activity. A new Mirai variant is targeting routers, among other devices. A tool for rotating your source IP address is also included.
For more articles, check out our #onpatrol4malware blog.
How to Fight Back Against Macro Malware
Source: SecurityIntelligence (IBM)
But all too often, malicious payloads are served up via macros in productivity files, accounting for much of the overall malware delivery around the world. Why macro malware? Read more.
Directed attacks against MySQL servers deliver ransomware
Someone is attacking internet-facing Windows database servers with GandCrab ransomware. […] using SQL database commands […] to retrieve a GandCrab payload hosted on an IP address in Quebec, Canada Read more.
Malspam Campaigns Use HawkEye Keylogger to Target Businesses
Source: Bleeping Computer
Attackers have been observed targeting businesses on a worldwide scale during the last two months with the HawkEye keylogger malware according to a report from IBM X-Force. Read more.
New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices
We discovered a new variant of Mirai (detected as Backdoor.Linux.MIRAI.VWIPT) that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks Read more.
How to rotate your source IP address
Source: Black Hills Information Security
One of the ways to bypass IP filtering is to use rotating source IPs. ProxyCannon is an amazing tool for automatically routing your traffic through multiple cloud servers to diversify the source IP addresses of your traffic. Read more.
Let adware be treated as malware, Canuck boffins declare after breaking open Wajam ad injector
Source: The Register
The technology industry has numerous terms for sneaky software, including malware, adware, spyware, ransomware, and the ever adorable PUPs – potentially unwanted programs. Read more.
Slack Bug Allows Remote File Hijacking, Malware Injection
A remotely exploitable vulnerability in the Windows desktop app version of the Slack collaboration platform has been uncovered.Read more.
Xwo, the malware that scans the Internet for vulnerabilities
Source: Panda Security
Xwo, a new piece of malware discovered by AT&T’s Alien Labs searches the Internet for possible vulnerabilities. Read more.