Crooks Abuse Windows Troubleshooting Platform to Infect Users with Malware

Discussion in 'malware problems & news' started by Minimalist, Oct 10, 2016.

  1. Minimalist

    Minimalist Registered Member

  2. Rasheed187

    Rasheed187 Registered Member

    Very simple, run MS Office inside a sandbox and/or monitor child process execution, problem solved.
     
  3. itman

    itman Registered Member

    From the Softpedia article:

    In the case of this recent spam campaign, double-clicking the warning to detect the document's character set launches a troubleshooting window, which is nothing more than a DIAGCAB file. This file contains a series of automated PowerShell scripts which, according to Proofpoint, download and install the LatentBot backdoor trojan.
    I assume by now, everyone on Wilders is blocking powershell startup.
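
    The child-process monitoring suggested in this thread, sketched as an added example (not part of the original posts and not Proofpoint's or Softpedia's code): it walks process ancestry in constructed process-creation records and flags the troubleshooter host or a script interpreter that descends from an Office application. It assumes msdt.exe is the binary that opens DIAGCAB packages; the watch lists and record fields are illustrative assumptions.

```python
# Constructed process-creation records (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 0, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\msdt.exe"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 500, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 700, "ppid": 100, "image": r"C:\Windows\System32\msdt.exe"},
]

# Assumed watch lists; tune them to the environment being monitored.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
WATCHED = {"msdt.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def basename(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def office_ancestry(event, by_pid):
    """Return image names from the nearest Office ancestor down to event, or None."""
    chain, seen = [event], {event["pid"]}
    cur = by_pid.get(event["ppid"])
    while cur is not None and cur["pid"] not in seen:  # stop on unknown parent or a loop
        chain.append(cur)
        if basename(cur["image"]) in OFFICE:
            return [basename(e["image"]) for e in reversed(chain)]
        seen.add(cur["pid"])
        cur = by_pid.get(cur["ppid"])
    return None

def detect(events):
    """Flag watched processes with an Office ancestor; events must be in creation order."""
    by_pid, alerts = {}, []
    for ev in events:
        if basename(ev["image"]) in WATCHED:
            chain = office_ancestry(ev, by_pid)
            if chain:
                alerts.append((ev["pid"], chain))
        by_pid[ev["pid"]] = ev  # a reused PID maps to the newest process
    return alerts

if __name__ == "__main__":
    for pid, chain in detect(SAMPLE_EVENTS):
        print(pid, " -> ".join(chain))
```

    The troubleshooter and PowerShell instances started from explorer.exe in the sample are not flagged, so normal interactive use stays quiet while the Office-rooted chains are reported.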
     