By Jed Valderama, Ian Kenefick, and Miguel Ang – Our last report on the Necurs botnet malware covered its use of an internet shortcut or .URL file to avoid detection, but its authors seem to be updating it again.

Current findings prove that its developers are actively devising new means to stay ahead of the security measures meant to thwart it. This time, the new wave of spam from this botnet is using the internet query (IQY) file type to evade detection.

Necurs has cropped up in various cyberattack reports through the years, including a 2017 incident in which it was used to distribute Locky ransomware. Its current use of the IQY file type as an initial infection vector makes it notable. IQY files are also text files with a specific format. Their purpose is to allow users to import data from external sources into an Excel spreadsheet.

By default, Windows recognizes IQY files as MS Excel Web Query Files and automatically executes them in Excel – The role of IQY files…
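Because an IQY file is plain text, a mail gateway or triage script can read the remote source it points to without opening Excel. The following is an added example, not code from the original report; it assumes the commonly documented web query layout (`WEB`, a version line, then the URL), and the function names, the allowlist parameter and the sample file are constructed for illustration.

```python
"""Triage helper for .iqy (Excel Web Query) attachments."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample attachment (example.com is a placeholder host).
SAMPLE_IQY = "WEB\r\n1\r\nhttp://files.example.com/report.dat\r\n\r\nSelection=AllTables\r\n"


def parse_iqy(text):
    """Return the query type, version, URL and trailing lines of an IQY file.

    Assumed layout: line 1 'WEB', line 2 version, line 3 URL, then
    optional POST data / Key=Value option lines. Blank lines are ignored.
    """
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB":
        raise ValueError("not an Excel web query file")
    return {"type": "WEB", "version": lines[1], "url": lines[2], "extra": lines[3:]}


def triage_iqy(text, allowed_hosts=frozenset()):
    """Extract the remote host and list reasons to hold the attachment."""
    query = parse_iqy(text)
    parts = urlsplit(query["url"])
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("non-https scheme: " + parts.scheme)
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP host")
    except ValueError:
        pass  # host is a name, not an IP literal
    if host not in allowed_hosts:
        findings.append("host not on allowlist: " + host)
    return {"url": query["url"], "host": host, "findings": findings}


if __name__ == "__main__":
    print(triage_iqy(SAMPLE_IQY))
```

An empty `findings` list means the query points to an HTTPS source on the organisation's own allowlist; anything else is a candidate for quarantine or URL reputation lookup.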

Read more at: Necurs Poses a New Challenge Using Internet Query File
Source: TrendLabs Malware Blog
