Cyber security company Proofpoint has discovered a fake Microsoft Silverlight update request that installs malware. The email campaign used to deliver the malware is highly targeted to individuals in the financial services industry.
Because it is highly targeted there are no standard “Subject lines” and the success rate is high as it uses topics of relevance to recipients. It installs a keylogger by opening an infected Microsoft Word email attachment titled info.doc but as it uses an embedded “Packager Shell Object” rather than a macro, it is not detected by anti-virus products. It then sends information typed on the computer to two Gmail accounts.
Proofpoint suggests that users right-click on any suspect attachment and look at its properties – it will not expose a macro but it will expose a Package Shell Object or a VBScript File (.VBS).
It says cyber criminals have moved beyond the use of malicious macros and organisations will need to rethink how they prevent malicious content from reaching end users.
While many businesses are either blocking Microsoft Office macros at a policy level or educating users about the dangers of enabling macro content, attackers have other means of creating weaponised documents for distributing malware.
{loadposition ray}
