CryptoWall 4 Targets Booking.com Customers

ThreatTrack Security Labs researchers caught wind of a phishing email masquerading as a Booking.com email. The malicious email includes an “E-TICKET_CONFIRM.doc” attachment that, once downloaded, walks the user through steps to enable embedded macros that infect the computer with CryptoWall. How It Infects Your System: If users ignore Microsoft’s default security warning, the computer […]

The post CryptoWall 4 Targets Booking.com Customers appeared first on ThreatTrack Security Labs Blog.


Dyre Botnet Using Malicious Microsoft Word Macros

The Dyre group, a major malware spam producer, has changed their initial malware dropper to utilize Microsoft Word document macros instead of the usual executable types, such as .exe files contained in a .zip. Dyre’s Hedsen spambot, responsible for the bulk of Upatre emails we’ve been tracking, now uses a template to send infected-macro Word files […]

The post Dyre Botnet Using Malicious Microsoft Word Macros appeared first on ThreatTrack Security Labs Blog.


Microsoft Help File Malware Targets JPMorgan Chase Customers

A fresh malware sample was recently spotted using a Microsoft Compiled HTML (Help) file attached to spam messages. A Microsoft Help file is a binary file that contains a set of HTML files; it usually has a .chm or .hlp extension. The malicious help file analyzed – a .chm file – arrived via spam […]

The post Microsoft Help File Malware Targets JPMorgan Chase Customers appeared first on ThreatTrack Security Labs Blog.


Dyre Spreading Using Code-Signing Certificates, HTTPS

ThreatTrack Security Labs researchers have confirmed the credential-stealing Trojan Dyre is using a new dropper — and a valid digital certificate — to carry out its dirty work over HTTPS connections. The Ruckguv downloader works by injecting a DLL into an instance of Windows Service Host (svchost.exe). Windows Service Host then uses HTTPS to download […]

The post Dyre Spreading Using Code-Signing Certificates, HTTPS appeared first on ThreatTrack Security Labs Blog.


FREAK SSL Bug Forces Security Makers to Scramble for a Fix

On March 3, security researchers noted that an age-old SSL bug—in existence for more than 10 years—allows hackers under the right conditions to exploit a man-in-the-middle attack and gain access to potentially sensitive information. FREAK (Factoring RSA-EXPORT Keys) SSL relies on outdated ‘export grade’ cryptography settings, which are still contained within some web server code today. According […]

The post FREAK SSL Bug Forces Security Makers to Scramble for a Fix appeared first on ThreatTrack Security Labs Blog.
