
Documents with malicious macros deliver fileless malware

  • March 14, 2016
  • 1 reply
  • 1 view

Jasper_The_Rasper
Moderator

Attackers are using Word documents with malicious macros and PowerShell to infect computers with fileless malware, researchers warn

By Lucian Constantin, Mar 14, 2016

Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory.

Security researchers from Palo Alto Networks analyzed a recent attack campaign that pushed spam emails with malicious Word documents to business email addresses from the U.S., Canada and Europe. The emails contained the recipients' names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. This attention to detail lent more credibility to spam messages and made it more likely that victims would open the attached documents, the researchers said.

The documents contained macros that, if allowed to run, execute a hidden instance of powershell.exe with special command-line arguments. Windows PowerShell is a task automation and configuration management framework that's included in Windows by default and comes with its own scripting language.

Full Article

1 reply

It's 2016 and the macro virus is still a thing thanks to phools phalling for spear phishing

BY: 15 Mar 2016 at 07:30, Richard Chirgwin
 
Microsoft's PowerShell has once again become an attack vector for malware, this time a file-less attack dubbed "Powersniff" by Palo Alto Networks.
The attack arrives through e-mails containing Word documents bearing malicious macros, almost as if it isn't more than 15 years since the first macro viruses were let loose on the world.
Infected files are being distributed in standard spear-phishing attacks.
Once the document is loaded, Powersniff gets to work, either running automatically or – if the user's machine is locked down a bit more tightly – asking permission to run (Palo Alto Networks has concealed the URLs in the example):
 
full article here:
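As an added example (not code from either article, and not Palo Alto Networks' detection logic), the following Python script shows how a defender would spot the launch chain both posts describe, a Word or other Office process starting a hidden powershell.exe, in process-creation telemetry. The log format is a constructed, simplified key=value layout rather than real Sysmon or EDR output, and the switch names it looks for (-WindowStyle Hidden, -NoProfile, -ExecutionPolicy Bypass, -EncodedCommand) are an assumption: the article says only "special command-line arguments" and does not list them.

```python
"""Flag Office-spawned PowerShell in process-creation logs.

Added example: not code from either article, and not Palo Alto Networks'
detection logic. It reads constructed, simplified key=value records (not real
Sysmon or EDR output) and flags the launch chain the posts describe: an Office
application starting a hidden powershell.exe with unusual command-line switches.
"""
import base64
import ntpath
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "powershell", "pwsh.exe", "pwsh"}

# Assumption: the article only says "special command-line arguments". These
# are the documented powershell.exe switches that hide the window, skip the
# profile, relax the execution policy or pass a base64-encoded script.
# powershell.exe accepts any unambiguous prefix (-w, -nop, -enc), so the list
# order decides ambiguous prefixes; the documented short forms are listed too.
KNOWN_SWITCHES = ["windowstyle", "encodedcommand", "executionpolicy",
                  "noprofile", "noninteractive"]
SHORT_FORMS = {"e": "encodedcommand", "ec": "encodedcommand",
               "ex": "executionpolicy", "ep": "executionpolicy"}

# Constructed record format: parent=<exe> image=<exe> cmdline="<command line>"
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Turn one constructed key=value log line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def normalize_switch(token):
    """Expand an abbreviated switch such as '-w' or '-EnC' to its full name, else None."""
    if not token.startswith(("-", "/")):
        return None
    stem = token.lstrip("-/").lower()
    if stem in SHORT_FORMS:
        return SHORT_FORMS[stem]
    return next((full for full in KNOWN_SWITCHES if stem and full.startswith(stem)), None)


def decode_encoded_command(b64):
    """-EncodedCommand carries base64 of UTF-16LE text; return the script text."""
    return base64.b64decode(b64).decode("utf-16-le")


def analyze(record):
    """Return a finding for an Office -> PowerShell launch, or None."""
    parent = ntpath.basename(record.get("parent", "")).lower()
    image = ntpath.basename(record.get("image", "")).lower()
    tokens = record.get("cmdline", "").split()  # whitespace split is enough here
    # PowerShell may be the image itself or buried in the command line (cmd.exe /c ...).
    ps_at = next((i for i, t in enumerate(tokens)
                  if ntpath.basename(t.strip('"')).lower() in POWERSHELL_IMAGES), None)
    if parent not in OFFICE_PARENTS or (image not in POWERSHELL_IMAGES and ps_at is None):
        return None
    args = tokens[ps_at + 1:] if ps_at is not None else tokens[1:]
    reasons, decoded = ["office_parent"], None
    for i, tok in enumerate(args):
        name = normalize_switch(tok)
        value = args[i + 1].lower() if i + 1 < len(args) else ""
        if name == "windowstyle" and value == "hidden":
            reasons.append("hidden_window")
        elif name == "noprofile":
            reasons.append("no_profile")
        elif name == "executionpolicy" and value == "bypass":
            reasons.append("policy_bypass")
        elif name == "encodedcommand" and value:
            reasons.append("encoded_command")
            try:
                decoded = decode_encoded_command(args[i + 1])
            except (ValueError, UnicodeDecodeError):
                decoded = "<undecodable>"
    return {"parent": parent, "image": image, "reasons": reasons, "decoded": decoded}


def scan(lines):
    """Parse and analyze every line; keep only the findings."""
    findings = (analyze(parse_record(line)) for line in lines)
    return [f for f in findings if f is not None]


# Constructed sample log. The encoded payload is a harmless Write-Output built here.
SAMPLE_PAYLOAD = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_LOG = [
    'parent=explorer.exe image=powershell.exe cmdline="powershell.exe -NoProfile -File C:\\scripts\\backup.ps1"',
    'parent=winword.exe image=powershell.exe cmdline="powershell.exe -w hidden -nop -enc ' + SAMPLE_PAYLOAD + '"',
    'parent=winword.exe image=splwow64.exe cmdline="splwow64.exe 12288"',
    'parent=excel.exe image=cmd.exe cmdline="cmd.exe /c powershell -WindowStyle Hidden -ep Bypass -File update.ps1"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The parent/child pair is the robust signal: Office applications have no routine reason to start PowerShell, and the parent process is recorded by the operating system, whereas the switches are trivially varied or abbreviated. Alert on the pair and use the switches (and the decoded script, where one is present) to rank severity rather than as the trigger.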