
Peddlers of Vawtrak Employing Macro-based Attacks - Trend Micro

Net-security.org published a report quoting security firm Trend Micro as saying "Cybercriminals distributing new versions of Vawtrak banking Trojan are the latest ones to use once again popular macro-based attack."

This type of attack was popular in early 2000 and abandoned in the following decade, but it reappeared last year, preying on new generations of computer users who have not seen it before.

Trend Micro researchers say that the latest Vawtrak distribution campaign comes in the form of fake FedEx and American Airlines spam emails asking recipients to download the attached Microsoft Word file, which supposedly contains details about a failed delivery or an airline ticket.

Recipients whose document displays garbled symbols are asked to enable macros to see the document properly.

Once the macros are enabled, the text of the document becomes readable. Meanwhile, a PowerShell script, a VBS file and a batch file are dropped onto the compromised system. The batch file is designed to execute the VBS file, and then it helps to run the PowerShell script.

Windows PowerShell is a task-based command-line shell and scripting language built on the .NET Framework that lets IT teams automate and control the administration of the operating system and applications. Trend Micro reported in mid-2014 that attackers had been increasingly abusing the tool.

During the Vawtrak attacks, the PowerShell script downloads the Trojan known as BKDR_VAWTRAK.DOKR onto the system.

Trend Micro's security researchers say that this three-step infection chain has very likely been adopted as an evasion tactic, a theory supported by the "bypass" execution flag for the VBS script.
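One way to detect the chain described above from process-creation telemetry, added here as an example (it is not code from Trend Micro or the original report): it flags PowerShell started with an execution-policy bypass whose ancestry leads back to an Office application. The event fields, file names and paths are constructed assumptions.

```python
import re

# Constructed process-creation events; file names and paths are made up.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": "WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\a\Downloads\ticket.doc"'},
    {"pid": 101, "ppid": 100, "image": "cmd.exe",
     "cmd": r"cmd.exe /c C:\Users\a\AppData\Local\Temp\run.bat"},
    {"pid": 102, "ppid": 101, "image": "wscript.exe",
     "cmd": r"wscript.exe C:\Users\a\AppData\Local\Temp\run.vbs"},
    {"pid": 103, "ppid": 102, "image": "powershell.exe",
     "cmd": r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\a\AppData\Local\Temp\run.ps1"},
    # Benign admin use: bypass flag present, but no Office ancestor.
    {"pid": 200, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 201, "ppid": 200, "image": "powershell.exe",
     "cmd": r"powershell.exe -ExecutionPolicy Bypass -File C:\admin\inventory.ps1"},
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
# -ExecutionPolicy can be abbreviated (-ex, -exec, ...) or aliased (-ep).
BYPASS = re.compile(r"-e(p|x\w*)\s+bypass", re.IGNORECASE)


def find_macro_chains(events):
    """Return ancestry chains (Office app first) ending in bypass PowerShell."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["image"].lower() != "powershell.exe" or not BYPASS.search(e["cmd"]):
            continue
        chain, cur, seen = [e], e, {e["pid"]}
        # Walk parents until an Office process, an unknown parent, or a loop.
        while cur["ppid"] in by_pid and cur["ppid"] not in seen:
            cur = by_pid[cur["ppid"]]
            seen.add(cur["pid"])
            chain.append(cur)
            if cur["image"].lower() in OFFICE:
                break
        names = [c["image"].lower() for c in reversed(chain)]
        if names[0] in OFFICE:
            hits.append(names)
    return hits


if __name__ == "__main__":
    for chain in find_macro_chains(SAMPLE_EVENTS):
        print(" -> ".join(chain))
```

The intermediate hops (batch file via cmd.exe, VBS via wscript.exe) appear in the returned chain, so an analyst can see the full drop-and-execute sequence rather than only the final PowerShell process.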

The security firm says that this variant of Vawtrak steals login data for Microsoft Outlook, along with credentials stored in Google Chrome, Mozilla Firefox and FTP clients.

Trend Micro has been monitoring this new wave of attacks since November 2014 and says that the most infections with this version of Vawtrak have been found in the US (60.71%), followed by Japan (10.22%), Germany (6.83%), the United Kingdom (4.47%) and Australia (3.42%).

» SPAMfighter News - 2/25/2015
