Word and Excel Files Infected Using Windows PowerShell

Discussion in 'malware problems & news' started by Dermot7, Mar 27, 2014.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://blog.trendmicro.com/trendlab...xcel-files-infected-using-windows-powershell/
     
    Last edited: Mar 27, 2014
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    That's why Windows PowerShell should be locked down on every system. :)
     
  3. yhnnhd1

    yhnnhd1 Registered Member

    Joined:
    Apr 6, 2014
    Posts:
    1
    Location:
    usa
    Does anyone have a sample of this?


    NOTE: Under the Terms of Service, no member is to post links to known Malware/Virus/Trojan sites.

    You can google to your heart's content yourself, but no links are to be provided.

    Cheers,
    TAS
     
    Last edited by a moderator: Apr 6, 2014
  4. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
    yhnnhd1, first, welcome to Wilders! Because it's against our Terms of Service, posts directing members to malware would be removed. Just FYI.
     
  5. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    The Dark Power of Windows PowerShell | Symantec Connect Community
     
  6. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Greetings. May I know how to configure Windows or use security software to protect ourselves from Windows PowerShell attacks?

    Thank you.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ southcat

    I'd say have an App that prompts you to run rundll32.exe & also helps prevent code injection. For example, I have ProcessGuard, which does both, & Zemana, which does the latter too.
     
  8. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Thanks for the advice. I used Process Guard a long time ago until the developer stopped it. I have installed Comodo and SpyShelter on my computer, and I guess they do the same things?

    Regards.
     
  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Cybercriminals use sophisticated PowerShell-based malware
    http://www.csoonline.com/article/21...e-sophisticated-powershell-based-malware.html
     
  10. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Would EXE Radar Pro protect against this as well?
    Because rundll32.exe is by default in Exe Radar's "Vulnerable Processes"
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, ERP can stop malware (and other apps) from using the Windows PowerShell.

    That's why executable control (and white-listing) is so important. :)
     
  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yet another example of how XP "can be made" to be more secure overall than MS OSes since, in the right hands. Largely on account of being able to make the attack surface nearly non-existent with some tweaking. I don't have PowerShell on my box at all, so this is all moot to me. .NET FW exploits, also rendered moot. And the list goes on and on... And I won't even get into the privacy side of things... there's no contest there.
     
  13. guest

    guest Guest

    Modern OSes can be made even more secure. ;)
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Check out this thread:

    -http://ssj100.fullsubject.com/t7-blocking-powershell#3551-

    Both powershell.exe and powershell_ise.exe should be blocked.

    I suppose this would stop such an attack. :)

    ~ De-linked URL - JRViejo ~
     
    Last edited by a moderator: Apr 14, 2014
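    One way to verify that both hosts named in the post above are actually blocked, as an added example that is not part of this thread: a Python audit of an AppLocker policy export (the assumed blocking mechanism, since the linked thread is not visible here), which on a real system would come from Get-AppLockerPolicy -Effective -Xml. The embedded policy and its rule Id are constructed for the example.

```python
import xml.etree.ElementTree as ET

# The two PowerShell hosts named in the post above.
POWERSHELL_HOSTS = ("powershell.exe", "powershell_ise.exe")
EVERYONE_SID = "S-1-1-0"

# Constructed sample in AppLocker's export format (not a real policy):
# powershell.exe is denied, powershell_ise.exe has been forgotten.
SAMPLE_POLICY = r"""<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="rule-1" Name="Deny powershell.exe" Description=""
                  UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>"""


def enforced_exe_denies(policy_xml):
    """File names (lower-case) that an enforced Exe rule collection denies
    for Everyone through a FilePathRule. AuditOnly collections only log,
    and a Deny scoped to one group leaves other users unaffected, so
    neither counts as protection here."""
    denied = set()
    for coll in ET.fromstring(policy_xml).iter("RuleCollection"):
        if coll.get("Type") != "Exe" or coll.get("EnforcementMode") != "Enabled":
            continue
        for rule in coll.findall("FilePathRule"):
            if rule.get("Action") != "Deny" or rule.get("UserOrGroupSid") != EVERYONE_SID:
                continue
            for cond in rule.iter("FilePathCondition"):
                path = cond.get("Path", "")
                # Compare on the file name so any directory form of the rule matches.
                denied.add(path.rsplit("\\", 1)[-1].lower())
    return denied


def missing_powershell_denies(policy_xml):
    """Hosts from POWERSHELL_HOSTS that the policy does not deny."""
    denied = enforced_exe_denies(policy_xml)
    return [host for host in POWERSHELL_HOSTS if host not in denied]


if __name__ == "__main__":
    gaps = missing_powershell_denies(SAMPLE_POLICY)
    print("not denied:", gaps if gaps else "none")
```

The check is by file name only, so it reports whether a rule exists for each host, not whether every copy of the binary on disk is covered.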
  15. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    They arrive more secure in some regards, not so much in others. But you're very limited on being able to "make" it anything it isn't already out of the box, which I don't like. XP I can trim so much I'm left with basically nothing but the stump, and it still works. Trim even a leaf from 7/8 and something is broken, it seems. Also, I consider privacy and anonymity part of security. Not a fan of backdoors either, which I suspect all modern OSes have. That last bit is of course pure speculation.
     