Esvalabs Security Blog
It’s almost one month now that a very effective malspam campaign delivering the ursnif trojan is in progress in Italy. The trick that the malware uses to spread is simple and effective: once run on the victim’s machine it sends replies to existing email threads attaching a copy of the malware itself. This strategy is […]
As most of you probably know MailChimp is a widely used and well respected email newsletter and marketing automation service. It’s not a news that hackers tend to focus on popular services, and that’s exactly what we noticed in at least two different Italian malware campaigns in the last week, where they jumped on MailChimp popularity […]
DDE (Dynamic Data Exchange) is a very old and almost forgotten feature of Microsoft Office. Designed to automate the exchange of data between applications, it can be easily exploited to execute arbitrary code without any macro or other active content. About one month ago, samples of office documents exploiting DDE to spread ransomware have been […]
Obfuscated phishing sites are nothing new (on the same matter check this article Web obfuscation technique using invisible spans ) but the use of AES in an attempt to evade detection from automated detection tools like our URLSand Sandbox service, is not very common. Despite AES and encryption in general is not a newbie argument, I am […]
