Move over macros, Office DDE exploits arrive!
Office macros have been the attack method of choice for malicious actors for years. IT administrators and users have learned to be cautious before running macros. The Dynamic Data Exchange (DDE) protocol has been around much longer but hadn’t been used for attacks. It’s a communication protocol that […]

Harvey Scam Example
After every large news event or natural disaster we see the associated scam emails. The first Harvey scam email we’ve seen showed up the afternoon of Aug. 30. It is a bit surprising it took that long for it to appear; we’ve been watching closely. Unfortunately, many more scam emails and registered […]

Attack Overview and Statistics
SANS Institute conducted a survey on how attackers were able to compromise user devices. They found 74 percent entered via an email attachment or email links, 48 percent from web-based drive-by or download, and 30 percent through application vulnerabilities. Phishing (72 percent), spyware (50 percent), ransomware (49 percent) and Trojans (47 […]

This morning a unique campaign targeting Macs has caught our attention. This attempt contained a .zip file carrying a Mac (OSX) trojan known as Aptordoc (OSX.Dok). All of these emails contained the OSX Aptordoc trojan; however, some also had a Windows trojan downloader known as W97M.Dropper (Mal/DocLnk-B) attached, like the example pictured below. These […]

The Hancitor (aka Chanitor & TorDal) malicious downloader has been picking up steam. Its creators actively refine the code into a sophisticated downloader that is increasingly able to avoid detection. Infection requires a user to run an infected Word document containing malicious VB macros. Upon doing so, Hancitor pulls DELoader (Terdot), a financial-information-stealing malware. These malicious […]