Greetings good people!
I wanted to share with you the latest trends of spam and\or malware I see coming in to Basefarm this last week. Thanks to everyone who is spamming me making this possible. 🙂
The latest trend is sending a mail with very little detail, complaining about a delay in shipping, lacking tracking information, anything really. And then attaching a .doc file with a simple name like “order-confirmation.doc” or “invoice.doc”.
We, as good people, want people to be happy with our service, so we get a little worried that there has been something we have missed and rush to open the .doc-file to see how we can correct this misunderstanding. The .doc file is loaded with a bunch of macros, and upon opening it downloads whatever malware recently paid the last bid to the spammer. Mostly I have seen botnet installs, and no more crypto-software so far, but this can be changed on the fly by the malware authors.
The purpose of the botnet-infection is the traditional proxying of malicious mail or web traffic, participating in DDOS or to the more modern mining of crypto currency. Also have in mind that it is not uncommon for them to exfiltrate any address books, stored passwords and passwords typed during the infection.
Unfortunately, having an up-to-date antivirus is not enough these days, so to keep yourself from enjoying a borrowed computer from Internal-IT while yours is getting reinstalled and you changing all the passwords you have in fear it might be captured, slow down and think about what files you are opening. Being more security aware is the best solution to this challenge.
As always, if you are not sure about something, talk to your closest internal-IT or SIRT person about your concerns. It is much easier to handle this while it is still in your inbox.