MERS Outbreak Being Leveraged by Cybercriminals - Trend Micro

Softpedia.com reported on 29th June, 2015 stating that cybercriminals are readily exploiting the news of the outbreak of Middle East Respiratory Syndrome (MERS) in Korea although the bait in the latest attack does not appear to have a monetary motive, but, it appears to be targeted.

MERS is a deadly respiratory illness which carries on being a worry and World Health Organisation confirmed on 29th June, 2015 that all but one out of total 182 cases found were from Korea. The number of deaths has surged to 32.

Trend Micro, security firm, says that such statistics attract the media's attention in the region that may be the chief reason for the attacker to use MERS as the topic for the spear-phishing email.

Trend Micro observed that a Japanese mass media business house received an email with an attached file claiming to provide methods of preventing MERS but it actually delivered a backdoor Trojan.

The malware is contained in a CHM file which is usual for distributing software documentation on Windows. This file contains HTML pages structured in an easy manner to navigate.

The CHM file drops the backdoor ZXShell (BKDR_ZXSHELL.B) in this particular episode which sits inside the affected machine and waits to run commands sent by the attackers. This backdoor may be used to find sensitive data inside the affected networks.

CHM files is gradually becoming a preferred tool while distributing cybercrime-related threats or performing targeted operations. It can simply avoid security measures of Windows known that it's a genuine file up to the position it runs and executes malicious codes implanted in it.

CHM file has seldom been used so far in targeted attacks in spite of its use for malicious purposes and for infecting systems with CryptoWall ransomware lately. On the other hand, the backdoor ZXShell is normally dropped utilizing exploits in Microsoft Office or Ichitaro software, a word processor which is well-known in Japan. Softpedia.com published news on 29th June, 2015 quoting a blog of Benson Sy, Threat Analyst of Trend Micro, as "By using CHM files in this incident, cybercriminals showed yet another method of infecting targets with ZXShell without employing exploits.

» SPAMfighter News - 7/10/2015