By Jed Valderama, Ian Kenefick, and Miguel Ang – Our last report on the Necurs botnet malware covered its use of an internet shortcut or .URL file to avoid detection, but its authors seem to be updating it again.
Current findings prove that its developers are actively devising new means to stay ahead of the security measures meant to thwart it. This time, the new wave of spam from this botnet is using the internet query file IQY to evade detection.
Necurs has cropped up in various cyberattack reports through the years, including a 2017 incident in which it was used to distribute Locky ransomware. Its current use of the IQY file type as an initial infection vector makes it notable. IQY files are also text files with a specific format; their purpose is to let users import data from external sources into an Excel spreadsheet.
By default, Windows recognizes IQY files as MS Excel Web Query Files and automatically opens them in Excel – The role of IQY files…
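The excerpt above notes that an IQY file is just text whose purpose is to pull data from an external source into Excel, which is exactly what makes it worth triaging at the mail gateway. The following Python routine is an added example and not code from the TrendLabs post: it assumes the classic web-query layout (a `WEB` header line, a version line, the URL Excel will fetch, then optional `Key=Value` settings), uses constructed sample bodies rather than artefacts from any real campaign, and treats the `TRUSTED_HOSTS` allow-list as a hypothetical policy a team would maintain itself.

```python
"""Triage helper for Excel Web Query (.iqy) attachments.

Added example, not code from the TrendLabs post. It assumes the classic
IQY layout: line 1 "WEB", line 2 a version number, line 3 the URL Excel
will fetch when the file is opened, then optional Key=Value settings.
"""
import ipaddress
from urllib.parse import urlparse

# Constructed sample bodies (not artefacts from any real campaign).
SAMPLE_EXTERNAL = (
    "WEB\n"
    "1\n"
    "http://203.0.113.10/data.dat\n"
    "\n"
    "Selection=AllTables\n"
    "Formatting=None\n"
)
SAMPLE_INTERNAL = (
    "WEB\n"
    "1\n"
    "https://reports.corp.example/sales.html\n"
    "\n"
    "Selection=1\n"
)

# Hypothetical allow-list of hosts the organisation expects Excel to query.
TRUSTED_HOSTS = {"reports.corp.example"}


def parse_iqy(text: str) -> dict:
    """Split an IQY body into its version, target URL and settings.

    Raises ValueError when the body does not look like a web query.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB":
        raise ValueError("not an Excel web query")
    settings = {}
    for line in lines[3:]:
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return {"version": lines[1], "url": lines[2], "settings": settings}


def assess_iqy(text: str, trusted_hosts=TRUSTED_HOSTS) -> list:
    """Return a list of finding codes for an IQY body; empty means no concern."""
    query = parse_iqy(text)
    parsed = urlparse(query["url"])
    host = (parsed.hostname or "").lower()
    findings = []
    if parsed.scheme not in ("http", "https"):
        findings.append("unexpected-scheme")
    if parsed.scheme == "http":
        findings.append("cleartext-http")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass  # a hostname rather than a bare IP address
    if host not in trusted_hosts:
        findings.append("untrusted-host")
    return findings


def triage_attachment(filename: str, data: bytes):
    """Return findings for .iqy attachments, None for any other file type."""
    if not filename.lower().endswith(".iqy"):
        return None
    try:
        return assess_iqy(data.decode("utf-8", errors="replace"))
    except ValueError:
        return ["malformed-iqy"]


if __name__ == "__main__":
    for name, body in (("invoice.iqy", SAMPLE_EXTERNAL), ("q3.iqy", SAMPLE_INTERNAL)):
        print(name, triage_attachment(name, body.encode()))
```

The point of returning finding codes rather than a verdict is that the gateway policy can decide separately: a query pointing at an IP-literal host over plain HTTP is a strong candidate for quarantine, while one aimed at an allow-listed internal reporting server can pass unchanged.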
Read more at: Necurs Poses a New Challenge Using Internet Query File
Source: TrendLabs Malware Blog