X

Bitdefender has warned users of a malware targeted at Microsoft Outlook Web Access users. This malware cocktail has already infected three per cent of systems in Australia this month.

According to the company, the unsolicited message directs users to apply a new set of settings to their mailboxes to update several ‘security upgrades’ that have been applied. The link in the email leads to a web page with Microsoft Office logos that instructs users to download and launch an executable file that will supposedly update their email settings.

Instead, they receive a potent malware cocktail, including Trojan.SWF.Dropper.E, a generic detection name for a family of Trojans sharing similar behavior. They are Flash files, which usually do not display any relevant images/animations, but drop and execute various malware files (by exploiting Adobe Shockwave Flash vulnerability). The dropped files may be subject to change and different variants can drop and execute different malware programs.

Statistics showed a significant increase in the number of files worldwide that have been infected with Trojan.SWF.Dropper.E – an increase of nearly 60 per cent from December last year.

The attack also included other prolific malware, including:

  1. Trojan.Spy.ZBot.EKF, which was also intensively used into AH1N1-related malware distribution campaign. ZBot injects code into several processes and adds exceptions to the Microsoft Windows Firewall, providing backdoor and server capabilities. It also sends sensitive information and listens on several ports for possible commands from the remote attackers. The latest variants are also able to steal bank-related information, login data, history of the visited Web sites and other details the user inputs, while also capturing screenshots of the compromised machine’s desktop.
  2. Exploit.HTML.Agent.AM uses flash-object vulnerabilities that allow arbitrary code execution by loading a specially crafted flash object into a web page. Once an infected web page is opened, the Trojan creates a specially crafted SWF object which allows the execution of a payload into the heap (at the time this article was created, the downloaded file was detected as Trojan.Spy.ZBot.EKG; however, this may be subject to change).
  3. Exploit.PDF-JS.Gen is a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader’s Javascript engine, in order to execute malicious code on user’s computer.

BitDefender datasets also indicate a growing trend of Exploit.PDF-JS.Gen. The first two weeks of January showed that the most affected systems pertain to the United States, Spain and Canada.

In order to stay safe, BitDefender recommends that consumers never follow links inserted in messages from unknown contacts in addition to installing and updating a complete antimalware software solution.

Leaderboard 728x90 1 Microsoft Outlook Web Access Malware Spreads
Whatmough 728x90 Microsoft Outlook Web Access Malware Spreads
05 Channel New Banner T30S COMBO 728x90 Microsoft Outlook Web Access Malware Spreads
3sixT GS24 EDM 728 x 90 px 02 Microsoft Outlook Web Access Malware Spreads
728x90 Iconic Microsoft Outlook Web Access Malware Spreads
4SquareMedia 728x90 scaled Microsoft Outlook Web Access Malware Spreads
Haier 728x90 1 Microsoft Outlook Web Access Malware Spreads
BlueAnt PumpAirANC WebBanner 728x90 Microsoft Outlook Web Access Malware Spreads
Litheaudio 728x90 Microsoft Outlook Web Access Malware Spreads
728x90 Microsoft Outlook Web Access Malware Spreads
728x90 Microsoft Outlook Web Access Malware Spreads
Flick of a switch 728x90 1 Microsoft Outlook Web Access Malware Spreads
PRO 5 PRICE DROP 2024 Banner 728x90px Microsoft Outlook Web Access Malware Spreads
PAN0029 Digital Banners Curry Leaderboard 728x90 02 Microsoft Outlook Web Access Malware Spreads
728x90 Microsoft Outlook Web Access Malware Spreads
hitachi banner 728x90 Microsoft Outlook Web Access Malware Spreads
Middleton 728x90px Product Microsoft Outlook Web Access Malware Spreads
Martin Logan 728 x 90 Microsoft Outlook Web Access Malware Spreads
QUEEN 728x90 Microsoft Outlook Web Access Malware Spreads
240215 SAV R Volution CNewsFeb Leaderboard 1 Microsoft Outlook Web Access Malware Spreads
BEL2385 4SQ Dock Banners 4SQ 728x90 Microsoft Outlook Web Access Malware Spreads
728X90 Microsoft Outlook Web Access Malware Spreads


YOU MAY ALSO LIKE