AppRiver Blog

Move over macros, Office DDE exploits arrive!

Office macros have been the attack method of choice for malicious actors for years. IT administrators and users have learned to be cautious before running macros. The Dynamic Data Exchange (DDE) protocol has been around much longer but hadn't been used for attacks. It's a...

Social Engineering Attack Escalation

Attack Overview and Statistics

SANS Institute conducted a survey on how attackers were able to compromise user devices. They found 74 percent entered via an email attachment or email links, 48 percent from web-based drive-by or download, and 30 percent through application vulnerabilities. Phishing (72 percent), spyware...

OSX & Windows Trojans Targeting Switzerland

This morning a unique campaign targeting Macs has caught our attention. This attempt contained a .zip file carrying a Mac (OSX) trojan known as Aptordoc (OSX.Dok).

Hancitor Picking Up Steam

The Hancitor (aka Chanitor & TorDal) malicious downloader has been picking up steam.

Wanted: Your Computer for Mining!

Many have heard the term bitcoin in the past and recognize it as a digital currency. Bitcoin is not the only player out there, just the most recognized. The others are unofficially termed Altcoins, for alternative coins. Digital or cryptocurrencies are created by a process called mining. This is the process of...

Malicious Macros in Fake Adobe Messages

Over the past six months we have seen an increase in the number of emails with malicious Word (.doc) attachments. These messages utilize the available functionality in a file type that is very familiar to basically every computer user. By using this technique the attacker can increase the chances that one of these messages...

Keylogger Sending Plain Text Emails

I ran across an interesting piece of keylogging malware that uses a pre-built keylogger named Knight Logger. This particular keylogger is openly available for purchase online by its author. Of course it's labeled for educational purposes only and says you must have the computer owner's permission to install the keylogger....

Amazon themed malware targets Crypto Currency

Over the past week we have been monitoring (and blocking) a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations. The messages simply state that your order has been confirmed and contain a small number of details. The user being targeted is directed to the attached .doc file for the...

Forged Best Buy Emails Distribute Malware

Fake Best Buy purchase confirmations attempting to spread malware have been circulating for the past week. These messages are simple. They appear with “Best Buy” in the [from] field and they inform the recipient that an order has been placed with Best Buy which needs to be confirmed for pick up. The recipient is then...

Windows Gadget Malware

This morning I ran across an interesting piece of malware. It was a Trojan downloader packaged as a .gadget file. Gadgets are the little things used in the Windows sidebar, like a clock, RSS feeds, CPU info, etc. A gadget file is essentially a zip with some special features that allow you to install other gadgets...
