
Microsoft Publisher files spread backdoor to steal corporate data, Bitdefender warns

  • September 13, 2016

Jasper_The_Rasper
Moderator
This is different, be alert for any e-mails containing .pub attachments
 
13th September 2016  By Alexandra Gheorghe
 
                                              


 
Recipients are advised to open the files with Microsoft Publisher, a paid desktop publishing software application embedded in Microsoft Office 365. It’s commonly used as an editor and layout tool for creating leaflets, postcards, newsletters, e-mail newsletters or greeting cards.
 
“.Pub is not your typical file format to host malware,” says Adrian Miron, Head of Antispam Lab at Bitdefender. “Spammers have chosen it because people don’t usually associate this type of file with the possibility of infection.”
 
The .pub file contains a script (VBScript) that embeds a URL acting as a remote host. From this location, the malware downloads a self-extracting cabinet file containing an AutoIt script, a tool to run the script and an AES-256 encrypted file. The cyphered file can be decrypted using a key derived from the MD5 of a text written in the AutoIt file, antimalware researchers noticed.
 
Full Article
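
A mail-triage check for the chain described above, added here as an example and not taken from Bitdefender or the original post: it flags `.pub` attachments in a raw message, checks for the OLE2 compound-file header, and lists URL strings stored as ASCII or UTF-16LE. The function names, the sample message and its `.invalid` hosts are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file header used by .pub
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,200}")
URL_UTF16 = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")


def triage_message(raw: bytes) -> list:
    """Return one finding per .pub attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".pub"):
            continue
        data = part.get_payload(decode=True) or b""
        # Script text inside the document may be stored as ASCII or UTF-16LE.
        urls = {u.decode("ascii") for u in URL_ASCII.findall(data)}
        urls |= {u.decode("utf-16-le") for u in URL_UTF16.findall(data)}
        findings.append({
            "filename": name,
            "ole2": data.startswith(OLE2_MAGIC),  # False suggests a renamed file
            "urls": sorted(urls),
        })
    return findings


def build_sample() -> bytes:
    """Constructed test message: harmless bytes, placeholder .invalid hosts."""
    blob = (OLE2_MAGIC + b"\x00" * 16
            + b"http://download.example.invalid/a.cab\x00\x00"
            + "http://second.example.invalid/x".encode("utf-16-le") + b"\x00\x00")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.invalid", "b@example.invalid", "Order"
    msg.set_content("Please open the attached file.")
    msg.add_attachment(blob, maintype="application", subtype="octet-stream", filename="order.pub")
    msg.add_attachment(b"notes", maintype="application", subtype="octet-stream", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample()):
        print(finding)
```

URLs found this way are leads for blocking and log searches; a script that builds its URL at run time will not show up in a plain string scan.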
 
 

 

1 reply

Baldrick
Gold VIP
  • September 13, 2016
I think that one should be suspicious of receiving any form of attachment if the source is unknown or the transmission is unexpected...and that should keep you safe in most circumstances.
