By Jed Valderama, Ian Kenefick, and Miguel Ang – Our last report on the Necurs botnet malware covered its use of an internet shortcut or .URL file to avoid detection, but its authors seem to be updating it again.
Current findings prove that its developers are actively devising new means to stay ahead of the security measures meant to thwart it. This time, the new wave of spam from this botnet is using the internet query (IQY) file type to evade detection.
Necurs has cropped up in various cyberattack reports through the years, including a 2017 incident in which it was used to distribute Locky ransomware. Its current use of the IQY file type as an initial infection vector makes it notable. IQY files are also text files with a specific format. Their purpose is to allow users to import data from external sources into an Excel spreadsheet.
By default, Windows recognizes IQY files as MS Excel Web Query Files and automatically executes them in Excel – The role of IQY files…
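Because an IQY file is plain text that names an external data source, a mail filter can read the source URL straight out of an attachment. The sketch below is an added example, not code from the original report; it assumes the common web query layout (a `WEB` line, a version line, then the URL), and the function names, reason labels and sample data are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample attachment body; the host is a reserved placeholder.
SAMPLE_IQY = "WEB\r\n1\r\nhttp://query.example.test/feed.dat\r\n\r\nSelection=AllTables\r\n"


def parse_iqy(text):
    """Parse web query text (assumed layout: WEB / version / URL / key=value lines)."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln]  # blank separator lines carry no data
    if len(lines) < 3 or lines[0].upper() != "WEB":
        return None
    extra = {}
    for ln in lines[3:]:  # remaining key=value lines (options or parameters)
        key, sep, value = ln.partition("=")
        if sep:
            extra[key] = value
    return {"version": lines[1], "url": lines[2], "extra": extra}


def triage_attachment(filename, text):
    """Return a dict describing why an attachment needs review, or None."""
    query = parse_iqy(text)
    is_iqy_name = filename.lower().endswith(".iqy")
    if query is None:
        # An .iqy name with content that does not parse still deserves a look.
        return {"reasons": ["iqy-extension-unparsed"]} if is_iqy_name else None
    parts = urlsplit(query["url"])
    host = parts.hostname or ""
    reasons = ["web-query-fetches-remote-data"]
    if not is_iqy_name:
        reasons.append("web-query-content-under-other-extension")
    if parts.scheme.lower() != "https":
        reasons.append("non-https-source")
    try:
        ipaddress.ip_address(host)  # raises ValueError for ordinary hostnames
        reasons.append("ip-literal-host")
    except ValueError:
        pass
    return {"url": query["url"], "host": host, "reasons": reasons}


if __name__ == "__main__":
    print(triage_attachment("invoice.iqy", SAMPLE_IQY))
```

The extracted host can then be fed to whatever reputation or blocklist lookup the mail gateway already uses.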
Read more at: Necurs Poses a New Challenge Using Internet Query File
Source: TrendLabs Malware Blog