Certego Threat Intelligence platform is observing some SPAM campaigns which are using .url files as a first-stage downloader to spread malware and avoid anti-SPAM filters.

.url files? This file type is normally used by Windows to save a web link so that it can be opened with a simple click. These are normally legitimate and harmless files; however, they can be abused to create malicious links.

The particularity of these campaigns lies not only in the use of this file type, but also in how the files have been configured. In fact, all samples analyzed so far use unusual URLs, in which the scheme is not the well-known and popular http (or https).

What does the file scheme do? Normally this scheme is used to access the local filesystem. It can also be used to explore remote ones: on Windows these are accessed via the SMB protocol. It seems to be just a new way to deliver malware using SMB.

How does this attack work? As in every SPAM campaign, the victim receives a mail which tells him that an important document is inside the attached ZIP archive. Once the ZIP content is extracted, the user faces what he believes is a simple Windows link (because it really is a link!). After he double-clicks it, the host tries to connect to the remote server via SMB. Then a JScript file is served which, once received, asks to be launched or saved.
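
A triage check for the shortcut files described above, as an added example that is not part of the original post: it reads the `URL=` entry of every .url member of a ZIP attachment and flags targets whose scheme is not http/https, in particular file URLs and UNC paths that point at a remote host. The function names, the allow-list and the sample archive (which uses the documentation address 198.51.100.7) are assumptions constructed for illustration.

```python
import io
import zipfile
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the only schemes a mailed shortcut should use

def shortcut_url(data: bytes):
    """Return the URL= value of the [InternetShortcut] section, or None."""
    section = None
    for raw in data.decode("utf-8", errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "internetshortcut" and line.lower().startswith("url="):
            return line[4:].strip()
    return None

def classify(url: str):
    """Return (verdict, reason) for a shortcut target."""
    if url.startswith("\\\\"):
        return "block", "UNC path, resolved over SMB"
    parts = urlsplit(url.replace("\\", "/"))
    scheme = parts.scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return "allow", "web link"
    remote = parts.netloc not in ("", "localhost") or parts.path.startswith("//")
    if scheme == "file" and remote:
        return "block", "file scheme pointing at a remote host"
    return "review", f"unexpected scheme {scheme or '(none)'}"

def scan_zip(blob: bytes):
    """Return (member, url, verdict, reason) for every .url file in a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            if name.lower().endswith(".url"):
                url = shortcut_url(zf.read(name))
                verdict, reason = classify(url) if url else ("review", "no URL= entry")
                findings.append((name, url, verdict, reason))
    return findings

def build_sample_zip():
    """Constructed sample archive: one file-scheme shortcut, one ordinary web link."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.url", "[InternetShortcut]\r\nURL=file://198.51.100.7/docs/invoice.js\r\n")
        zf.writestr("homepage.url", "[InternetShortcut]\r\nURL=https://example.com/\r\n")
    return buf.getvalue()

if __name__ == "__main__": print(scan_zip(build_sample_zip()))
```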