Crooks Abuse Windows Troubleshooting Platform to Infect Users with Malware

Discussion in 'malware problems & news' started by Minimalist, Oct 10, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,060
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Very simple, run MS Office inside a sandbox and/or monitor child process execution, problem solved.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    From the Softpedia article:

    In the case of this recent spam campaign, double-clicking the warning to detect the document's character set launches a troubleshooting window, which is nothing more than a DIAGCAB file. This file contains a series of automated PowerShell scripts which, according to Proofpoint, download and install the LatentBot backdoor trojan.
    I assume by now everyone on Wilders is blocking PowerShell startup.
     
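As an added example, not part of this thread or of any product mentioned in it: a small Python check run over constructed process-creation records (Sysmon Event ID 1 style fields, an assumption about the log source) that flags the chain Rasheed187 and itman describe, an Office application spawning the Windows troubleshooting host (assumed here to be msdt.exe, which handles .diagcab packages) and that host in turn spawning PowerShell.

```python
"""Flag the Office -> troubleshooting host -> PowerShell process chain.

Records are constructed samples with Sysmon Event ID 1 style fields
(assumed log source). Two parent/child relationships are flagged: an
Office application launching the diagnostic host or a script host, and
the diagnostic host launching a script host.
"""
from __future__ import annotations

from dataclasses import dataclass

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
DIAG_HOST = "msdt.exe"  # assumption: host process for .diagcab packages
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str          # full path of the created process
    parent_image: str   # full path of its parent process
    command_line: str


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: ProcEvent) -> str | None:
    """Return an alert label for a suspicious parent/child pair, else None."""
    parent, child = _basename(ev.parent_image), _basename(ev.image)
    if parent in OFFICE_APPS and (child == DIAG_HOST or child in SCRIPT_HOSTS):
        return f"office-spawn:{child}"
    if parent == DIAG_HOST and child in SCRIPT_HOSTS:
        return f"diag-spawn:{child}"
    return None


def scan(events: list[ProcEvent]) -> list[tuple[int, str]]:
    """Return (pid, label) for every flagged record, in log order."""
    return [(ev.pid, lbl) for ev in events if (lbl := classify(ev))]


# Constructed sample: two benign launches, then the chain from the thread.
SAMPLE = [
    ProcEvent(100, r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe", "explorer.exe"),
    ProcEvent(200, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", r"C:\Windows\explorer.exe", '"WINWORD.EXE" invoice.docx'),
    ProcEvent(300, r"C:\Windows\System32\msdt.exe", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "msdt.exe <constructed diagcab argument>"),
    ProcEvent(400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Windows\System32\msdt.exe", "powershell.exe <constructed placeholder>"),
]

if __name__ == "__main__":
    for pid, label in scan(SAMPLE):
        print(pid, label)
```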