Turn off macros in Microsoft Office applications to protect yourselves from active malware spam campaign

Email samples. 
Think before while opening an attachment from unsolicited emails especially if you are in Japan, as you might be the victim of malware-ridden spam attack. No need to worry, to protect yourselves, turn off macros in Microsoft Office applications. It prevents from macro-based threats from executing.
The problem came in to light when the employees of various corporations in Japan started to receive suspicious-looking emails which turned out to carry malicious attachments on October 8.
Researchers from Symantec, who found out the malware, confirmed that those emails were part of a wave of malware-ridden spam attacks that were currently active in Japan.
Along with the emails, there were attached Microsoft Word document files, which contained a malicious macro.
Researchers said that it attempted to download the same executable file (65g3f4.exe) from multiple remote locations. The multiple downloads was probably a redundancy measure in case some sources were taken down.
“We have observed download attempts from the following domains: Leelazarow[.]com, Rockron[.]com, www[.]profes-decin[.]kvalitne[.]cz,” they said in a blog post.
“There are two variations of the emails: one is an order confirmation from a Japanese equipment supplier and the other pretends to come from a local printing company,” the researchers added.
They have detected a malicious Word document dubbed W97M.Downloader, a known vehicle for other threats such as Trojan.Cryptodefense and Trojan.Cridex.
In the process, along with the document a banking Trojan which Symantec detects as Infostealer.Shiz, also gets downloaded. The researchers said that installing such a Trojan on corporate computers could give the attackers a foothold on the network from which they can spread and find other items of value.
It is also said that the malware is especially designed for Japan as 98 percent this malware detections are located in the country.
“Our telemetry shows that this particular variant of Infostealer.Shiz is being distributed almost exclusively in Japan, as 98 percent of the detections are located in this region. There are currently no indications that specific industries or companies are targeted,” the researchers concluded.

Leave a Reply