Diana Lopera is a researcher for Trustwave Cybersecurity and has stumbled across something that's one part interesting and one part disturbing.
Apparently, a group of hackers are trying a new approach to distribute their malicious code which is leveraging Microsoft's HTML help files.
Yes, you read that correctly. It's an innovative technique that's not only proving to be surprisingly effective, it is also proving to be notoriously difficult to detect. Even worse is that it's not even a terribly sophisticated attack.
Here's an overview of how it works:
Naturally, it begins with an email. The email contains a generic subject line and an attachment, often entitled "Reques.doc" or similar.
This file is not a doc, but an .iso file. A disk image. The image contains a pair of files. One of them is a Microsoft Compiled HTML Help file (CHM) and the other is an executable.
By exploiting the capabilities of the help file, the executable can install its malicious payload. In this case it is a malware strain called Vidar.
Vidar then establishes a link to its command-and-control server via Mastodon, which is a multi-platform open-source social networking system. Once that connection has been established, Vidar goes to work harvesting user data from the infected system and exfiltrating it to the command-and-control server.
In at least one confirmed instance, Vidar was also spotted downloading and executing additional malware payloads.
Sophisticated or not, this new campaign has proved to be highly effective. Given that Vidar can serve as how other malware payloads wind up on an infected machine, this should be regarded as a serious threat. Those "other payloads" could be anything from ransomware which will lock all the files on your network, to malicious code that has been optimized to steal banking information and everything in between.
Be sure your employees, friends, and family are aware and on their guard. This is a nasty piece of code.
________________________________________________________________________________________________________
"Fortune Favors Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
