Credit to Author: msft-mmpc| Date: Tue, 14 Feb 2017 21:56:15 +0000
The volume of ransomware encounters is on a downward trend. Are we seeing the beginning of the end of this vicious threat? Unfortunately, a look at the attack vectors, the number of unique families released into the wild, and the improvements in malware code reveals otherwise. Ransomware was arguably the biggest security story of 2016….
Read moreWe see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers. This year, we’re seeing a spam campaign that Amazon customers need to be wary of. The fake emails pretend to be notifications from the online retailer that a purchase has…
Read moreThe latest Nemucod campaign shows the malware distributing a spam email attachment with a .wsf extension, specifically ..wsf (with a double dot) extension. It is a variation of what has been observed since last year (2015) – the TrojanDownloader:JS/Nemucod malware downloader using JScript. It still spreads through spam email attachment, typically inside a .zip file,…
Read moreJavaScript is now being used largely to download malware because it’s easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware that has been spreading other malware is Nemucod. This JavaScript trojan downloads additional malware (such as Win32/Tescrypt and Win32/Crowti – two pervasive ransomware trojans…
Read moreWe have recently observed that spam campaigns are now using JavaScript attachments aside from Office files. The purpose of the code is straightforward. It downloads and runs other malware. Some of the JavaScript downloaders that we’ve seen are: TrojanDownloader:JS/Swabfex TrojanDownloader:JS/Nemucod TrojanDownloader:JS/Locky The same JavaScript downloaders are also responsible for spreading the following ransomware: Ransom:Win32/Tescrypt Ransom:Win32/Locky…
Read more