Fake Christmas Offers Lead To Malware


Spammers are taking advantage of the Christmas season to infect computers all over the world by emailing a tempting Word document named “CHISTMAS OFFERS.docx”. With shoppers on the hunt for the best holiday gift deals, who wouldn’t be tempted to open such a file?

It might be tempting to open the file to see what these offers are all about. However, the document is blank and requires the user to enable macros in order to view it. By default, Microsoft Office disables macros, a handy automation feature but also a huge security risk. This is where the social engineering lies: the crooks are counting on people being so eager to see the promised content that they will push the button and get infected.


While the spammers who emailed the infected files actually created several macros, you cannot see them because they are password protected. However, you can use the OfficeMalScanner tool to extract the macro code and open it in any text editor. The macros are written in Visual Basic for Applications, which has the ability to download just about any file from any external URL.

By enabling content or macros, you allow the code to start downloading whatever it was written to download. Once enabled, the macros download a file from the URL hxxp://jasoncurtis.co.uk/js/bin.exe and then run it from your temp folder.
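The sketch below is a small triage pass over macro source that has already been extracted to text (for example with OfficeMalScanner). It flags the behaviour described above: a macro that runs on open, downloads from a URL, uses the temp folder, and executes the result. It is an added example, not code from the original post; the keyword list, the function names and both sample macros are constructed for illustration, and the suspicious sample is deliberately abridged so it is not valid VBA.

```python
import re

# Assumed keyword set (not from the article): VBA names that commonly signal each behaviour.
PATTERNS = {
    "auto_run": r"\b(?:AutoOpen|Auto_Open|AutoExec|Document_Open|Workbook_Open)\b",
    "download": r"URLDownloadToFile[AW]?|XMLHTTP|WinHttpRequest|ADODB\.Stream",
    "temp_path": r'Environ\$?\(\s*"(?:TEMP|TMP)"\s*\)',
    "execute": r"\bShell(?:Execute[AW]?)?\b",
    "url": r"h(?:tt|xx)ps?://[^\s\"']+",   # also matches defanged hxxp:// URLs
}
PATTERNS = {k: re.compile(v, re.IGNORECASE) for k, v in PATTERNS.items()}

def triage(vba_text):
    """Return {category: [(line_no, matched_text), ...]} for each indicator found."""
    hits = {}
    for no, line in enumerate(vba_text.splitlines(), 1):
        if line.lstrip().startswith("'"):      # skip VBA comment lines
            continue
        for name, rx in PATTERNS.items():
            for m in rx.finditer(line):
                hits.setdefault(name, []).append((no, m.group(0)))
    return hits

def verdict(hits):
    """Downloader pattern: runs on open, fetches a file, then executes it."""
    needed = {"auto_run", "download", "execute"}
    return "likely downloader" if needed <= hits.keys() else "no downloader pattern"

# Constructed, abridged sample of extracted macro text (placeholder URL, not runnable VBA).
SUSPICIOUS = "\n".join([
    r'Sub Document_Open()',
    r'    dest = Environ("TEMP") & "\offers.exe"',
    r'    ... URLDownloadToFileA ... "hxxp://example.invalid/bin.exe" ...',
    r'    Shell dest',
    r'End Sub',
])
# Constructed benign macro for comparison.
BENIGN = "\n".join([
    r'Sub FormatReport()',
    r'    Selection.Font.Bold = True',
    r'End Sub',
])

if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        found = triage(text)
        print(label, "->", verdict(found), found)
```

A keyword match is only a reason to look closer: obfuscated macros can hide these names, and legitimate automation can use some of them.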


William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
