Slashdot Mirror


Docs With Malicious Macros Deliver Fileless Malware (csoonline.com)

itwbennett writes: Researchers from Palo Alto Networks warn that attackers are using Word documents with malicious macros and PowerShell to infect computers with fileless malware. The rogue PowerShell script performs a variety of checks on the computer aimed at finding systems that are used to conduct financial transactions and to avoid systems that belong to security researchers as well as medical and educational institutions. "Due to the target-specific details contained within the spam emails and the use of memory-resident malware, this particular campaign should be treated as a high threat," the Palo Alto researchers said in a blog post. A similar combination of PowerShell and fileless malware was observed last week by researchers from the SANS Institute's Internet Storm Center.

8 of 39 comments

  1. Why the fuck is there a Canada flag icon? by Anonymous Coward · · Score: 2, Interesting

    Why the fuck is there a Canada flag icon for this submission?

    1. Re:Why the fuck is there a Canada flag icon? by Lumpy · · Score: 2

      It only affects Canadian Windows.

      --
      Do not look at laser with remaining good eye.
    2. Re:Why the fuck is there a Canada flag icon? by Irate+Engineer · · Score: 2
      --

      Left MS Windows for Linux Mint and never looked back!

      Vote for Bernie in 2016!

  2. Get one Get Many by rtb61 · · Score: 4, Insightful

    I got hit with a bundle of them, one after another after another, over a couple of weeks. I think I likely kept getting them because I did not read them but simply forwarded them to http://www.acma.gov.au/Citizen.... I assume, as part of their spam analysis with a view to prosecution, those went into someone's more law-focused inbox. Forwarding them on to your local authorities might not help much, but it certainly doesn't hurt, and it is still more satisfying than just blocking them, and it might, just might, lead to keeping the authorities appropriately busy and a prosecution occurring; one can only hope, and a little hope is better than none at all. Oh yeah, and I most certainly do not run M$ Office - LibreOffice for me, for many, many reasons, least of which those much-repeated attacks.

    --
    Chaos - everything, everywhere, everywhen

  3. Fileless? by Anonymous Coward · · Score: 2, Interesting

    If it involves a document, how is it fileless?

  4. Re:Word Macros by Anonymous Coward · · Score: 4, Insightful

    Sorry, if you still have this shit enabled in **2016**, you deserve the pwnag3.

    There's nothing wrong with macros, per se. The problem is massive design flaws like this:

    "The documents contained macros that, if allowed to run, execute a hidden instance of powershell.exe"

    A macro should be able to perform operations on a document, but there is absolutely no reason why a macro should be able to launch an external executable file. That is stupidity at a mind-boggling level.
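
The defender's side of the design flaw quoted above, as an added example (Python, not code from the article or from Palo Alto's post): a small check over constructed Sysmon-style process-creation records that flags an Office application spawning powershell.exe and raises the severity when the command line carries the hidden-window, encoded-command or policy-bypass switches a macro-launched script relies on. The process names and PowerShell switches are real; the sample events and the base64 string are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Office binaries that should rarely need to launch a shell, and the shells we care about.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe"}

# Real PowerShell switches a macro-launched script uses to stay out of sight or
# carry an obfuscated payload; short and long forms are both matched.
SUSPICIOUS_OPTS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command": re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "bypass_policy": re.compile(r"-ex(?:ec(?:utionpolicy)?)?\s+bypass", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
}

@dataclass
class ProcEvent:
    parent_image: str   # full path of the parent process (Sysmon ParentImage)
    image: str          # full path of the created process (Sysmon Image)
    command_line: str   # Sysmon CommandLine

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(ev: ProcEvent) -> Optional[dict]:
    """Return a finding if an Office app spawned PowerShell, else None."""
    if basename(ev.parent_image) not in OFFICE_PARENTS or basename(ev.image) not in SHELL_CHILDREN:
        return None
    hits = [name for name, rx in SUSPICIOUS_OPTS.items() if rx.search(ev.command_line)]
    # Office launching PowerShell at all deserves a look; hidden or encoded
    # invocations are the shape the macro-to-PowerShell campaigns take.
    return {"parent": basename(ev.parent_image),
            "severity": "high" if hits else "medium", "indicators": hits}

def scan(events: list) -> list:
    return [f for f in (classify(e) for e in events) if f]

# Constructed sample events, not real telemetry; the base64 is a placeholder.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE", PS,
              "powershell.exe -NoP -W Hidden -Exec Bypass -Enc QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo="),
    ProcEvent(r"C:\Windows\explorer.exe", PS, "powershell.exe -File C:\\scripts\\backup.ps1"),
    ProcEvent(r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE", PS, "powershell.exe Get-Date"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

In a real deployment the same parent/child and command-line test runs over Sysmon Event ID 1 or Windows 4688 records rather than the inline list.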

  5. Re:Word Macros by Teun · · Score: 2

    That is stupidity at a mind-boggling level.

    I believe you wanted to say MS.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."

  6. Re:I have to ask by LordWabbit2 · · Score: 2

    And then had to convert the pile of VBA crap into a working website.

    These implementations rely on the shit and security nightmare that is VBA.

    What security? Security would just frustrate the business people cranking out the VBA to speed up their daily jobs. The real danger here is not VBA per se, it's the corporate mentality that the company uses macro-enabled documents, so they keep giving it permission to run, even when they don't recognize the document.

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.