How to Prevent against Cyber Espionage - Protect your DATA - Social-Bug


Introduction

Recently it has been reported that carefully written emails about events from around the globe, timed to coincide with upcoming meetings and summits, are being sent with malicious attachments (MS Word documents).

The malicious attachment contains highly sophisticated malware and targets users in sensitive organizations. The malware is designed to steal information and take control of the user's system.

Microsoft Office 2003, 2007 and 2010 can be affected by this malware. Users receive malicious emails and are tricked into opening attachments with hidden malware.

Opening the file executes the malware in the background while a decoy document is opened.

The malware takes control of the targeted computer and exfiltrates files of interest to a command-and-control server abroad.

The malware is very stealthy and most antivirus products do not recognize it.




The following hidden files and folders are created on the computer and can be used to check whether a system is infected:


“CVRAE9123.lgx” and “US.doc” in C:\Documents and Settings\%Name%\Appl Data\Local Settings\Temp.

“MicroScMgmt.exe”, “jli.dll” and “msvcr71.dll” in C:\Documents and Settings\%Name%\Application Data\Microsoft.

Cookies (administrator@<random host name>.txt) in C:\Documents and Settings\%Name%\Cookies.
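One way to check every profile folder for the files listed above, for example on a mounted disk image (an added example, not part of the original post). The function names and the grading into clean/review/suspect are assumptions of this example.

```python
import fnmatch
import os
import sys

# Indicators from the list above, keyed by the (lower-cased) directory tail.
INDICATORS = {
    ("local settings", "temp"): ["cvrae9123.lgx", "us.doc"],
    ("application data", "microsoft"): ["microscmgmt.exe", "jli.dll", "msvcr71.dll"],
    ("cookies",): ["administrator@*.txt"],
}
# Assumption of this example: these two names are also used by legitimate
# software (Java, Microsoft C runtime), so on their own they only merit review.
COMMON_NAMES = {"jli.dll", "msvcr71.dll"}

def scan_profile(profile_dir):
    """Return sorted profile-relative paths of files matching an indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(profile_dir):
        rel = os.path.relpath(dirpath, profile_dir)
        parts = tuple(p.lower() for p in rel.split(os.sep))
        for tail, patterns in INDICATORS.items():
            if parts[-len(tail):] != tail:
                continue
            hits += [os.path.join(rel, f) for f in files
                     if any(fnmatch.fnmatchcase(f.lower(), p) for p in patterns)]
    return sorted(hits)

def verdict(profile_name, hits):
    """Grade a profile as 'clean', 'review' (weak matches only) or 'suspect'."""
    names = [os.path.basename(h).lower() for h in hits]
    # Internet Explorer names cookie files <user>@<site>, so this pattern is
    # only a weak match inside a profile that is itself called administrator.
    own = profile_name.lower() + "@"
    strong = [n for n in names if n not in COMMON_NAMES and not n.startswith(own)]
    return "suspect" if strong else ("review" if hits else "clean")

def scan_root(root):
    """Scan each profile under a root such as C:/Documents and Settings."""
    report = {}
    for entry in sorted(os.listdir(root)):
        if os.path.isdir(os.path.join(root, entry)):
            hits = scan_profile(os.path.join(root, entry))
            report[entry] = (verdict(entry, hits), hits)
    return report

if __name__ == "__main__":
    for root in sys.argv[1:]:
        for user, (grade, found) in scan_root(root).items():
            print(f"{user}: {grade}", *found, sep="\n  ")
```

File names are only matched inside the folders named in the list, so a file called US.doc on a desktop is not reported.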

Using official details of an upcoming event, users are lured into opening the malicious MS Word files in the email. When the user clicks the attached file, the hidden malicious script code embedded in the attachment is executed.

The host PC establishes a remote connection to an unknown server/website. The backdoor link is used for data exfiltration from the host computer to various websites/servers around the world.

So, what preventive measures can a user take to guard against these attacks? The following are strongly suggested:

Change the following registry key:


HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Microsoft\Gdiplus\Disable TIFF Codec = 1.

Avoid opening email from unknown sources.

If an e-mail with an attractive subject/sender is received, it may be deleted without opening.

Install EMET (Enhanced Mitigation Experience Toolkit), a Microsoft software utility.

The Microsoft EMET is a utility that helps prevent vulnerabilities in software from being successfully exploited.


Use Protected View and block ActiveX controls in downloaded Office documents.


Install well-reputed antivirus/firewall software that blocks malware:

1. Bitdefender total security.
2. Kaspersky internet security.
3. Eset NOD32 internet security.

Before entering login passwords for email or social networking webpages, ensure the actual webpage is opened. The web address is visible in the address bar of all internet browsers.
