
Attackers use PUB files to theft of corporate data


by sigismund » 2016-09-15 11:10:10


During a spam campaign, the criminals spread a backdoor that gives them access to the compromised computer.


Researchers at Bitdefender have recorded a spam campaign in which criminals distribute a backdoor disguised as a Microsoft Publisher file (.pub), designed to steal sensitive corporate information. The cyber criminals are mainly interested in small and medium-sized businesses. The Trojan has not yet been given a name and is currently detected as Generic.Malware.SFLl.545292C, according to Hot For Security.

The emails refer to various Chinese and British brands and contain an attachment in the form of a Microsoft Publisher file. After it is opened (the email recommends using Microsoft Publisher), a VBScript script runs that downloads a self-extracting CAB file onto the victim's PC. The latter contains the AutoIt tool to run the script, and another file encrypted with AES-256. As noted, the decryption key for the second file is a line in the AutoIt script.

In fact, the encrypted file is the backdoor; after decrypting and running it, the attackers can gain access to the infected computer. The Trojan is able to log keystrokes, record credentials used in browsers and email clients, view system information, etc.

The uniqueness of this campaign is the use of PUB files for hosting malware. As explained by Bitdefender analyst Adrian Miron, the attackers chose this format because people usually don't associate it with a risk of infection.
sigismund
moderators
Posts: 788
Deposit: 0 BTC

Rating: 5
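A defender-side example, added here and not part of the forum post or of Bitdefender's research: the infection chain above (Publisher opens the attachment, a VBScript host runs, an AutoIt interpreter is started from a dropped archive) shows up on an endpoint as a sequence of process-creation events, and that parent/child shape is what a detection rule can key on. The process names MSPUB.EXE (Publisher), wscript.exe/cscript.exe (VBScript hosts) and AutoIt3.exe (the AutoIt interpreter), the user-writable directory fragments, and all sample events are assumptions constructed for the example.

```python
"""Flag the Publisher -> VBScript -> AutoIt chain in process-creation events.

Added example, not code from the post or from Bitdefender. Process names and
paths below are assumptions about how the described chain would appear in
Sysmon-style process-creation telemetry; the sample events are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass

# Assumed image names for each stage of the chain (assumption, not from the post).
OFFICE_APPS = {"mspub.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
AUTOIT_INTERPRETERS = {"autoit3.exe"}
# Directories a user can write without admin rights; a payload extracted from an
# emailed attachment typically lands in one of these.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\")


@dataclass
class ProcEvent:
    host: str
    pid: int
    ppid: int
    image: str          # full path of the newly created process
    parent_image: str   # full path of its parent
    cmdline: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcEvent) -> list[str]:
    """Per-event rules: each returned string names one suspicious trait."""
    tags = []
    child, parent = basename(ev.image), basename(ev.parent_image)
    # Stage 1/2: an Office application should not normally start a script host.
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        tags.append("office_app_spawned_script_host")
    # Stage 3: AutoIt is rare on business desktops; from Temp/Downloads it is rarer still.
    if child in AUTOIT_INTERPRETERS:
        tags.append("autoit_interpreter_started")
        lowered = (ev.image + " " + ev.cmdline).lower()
        if any(frag in lowered for frag in USER_WRITABLE):
            tags.append("autoit_in_user_writable_path")
    return tags


def find_chains(events: list[ProcEvent], max_depth: int = 5) -> list[list[str]]:
    """Correlate events per host: for every AutoIt process, walk the parent
    links (using each event's recorded parent image, so the Office process
    itself need not appear in the data) and report the chain if an Office
    application is an ancestor within max_depth hops."""
    chains = []
    by_host: dict[str, dict[int, ProcEvent]] = {}
    for ev in events:
        by_host.setdefault(ev.host, {})[ev.pid] = ev
    for host, procs in by_host.items():
        for ev in procs.values():
            if basename(ev.image) not in AUTOIT_INTERPRETERS:
                continue
            chain, cur, hops = [basename(ev.image)], ev, 0
            while hops < max_depth:
                parent_name = basename(cur.parent_image)
                chain.append(parent_name)
                if parent_name in OFFICE_APPS:
                    chains.append([host] + chain[::-1])  # root -> leaf order
                    break
                if cur.ppid not in procs:
                    break
                cur, hops = procs[cur.ppid], hops + 1
    return chains


# Constructed sample telemetry (assumption): HOST-A shows the chain from the
# write-up, HOST-B shows benign Publisher use and a developer's AutoIt install.
SAMPLE_EVENTS = [
    ProcEvent("HOST-A", 200, 100, r"C:\Windows\System32\wscript.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE",
              r"wscript.exe C:\Users\u\AppData\Local\Temp\invoice.vbs"),
    ProcEvent("HOST-A", 300, 200, r"C:\Users\u\AppData\Local\Temp\sfx\AutoIt3.exe",
              r"C:\Windows\System32\wscript.exe",
              r"AutoIt3.exe C:\Users\u\AppData\Local\Temp\sfx\run.au3"),
    ProcEvent("HOST-B", 410, 400, r"C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE",
              r"C:\Windows\explorer.exe", "MSPUB.EXE"),
    ProcEvent("HOST-B", 520, 500, r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe",
              r"C:\Windows\explorer.exe", r"AutoIt3.exe C:\dev\build.au3"),
]


def scan(events: list[ProcEvent] = SAMPLE_EVENTS):
    """Return ({(host, pid): tags} for tagged events, correlated chains)."""
    alerts = {(ev.host, ev.pid): classify(ev) for ev in events}
    return {k: t for k, t in alerts.items() if t}, find_chains(events)


if __name__ == "__main__":
    alerts, chains = scan()
    for key, tags in alerts.items():
        print(key, tags)
    for chain in chains:
        print("chain:", " -> ".join(chain))
```

The per-event rules are cheap and catch either half of the chain on its own; the correlation step is what turns two individually explainable events into a single high-confidence alert, and it tolerates the Office process being absent from the dataset because each event carries its own parent image. The benign AutoIt launch on HOST-B still gets a low-severity tag, which is the expected trade-off: tune severity by tag combination rather than suppressing the interpreter rule outright.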