A New Variant of Ursnif Banking Trojan Distributed Through Malicious Microsoft Word Documents

A new improved version of the infamous Ursnif banking Trojan leverages Necurs botnet infrastructure targets Italian companies. The malware primarily targets the financial sector and it was detected first in year 2009.

CSE Cybsec ZLab researchers spotted the new campaign to be active from 6th June, it hit’s Italian companies with a malicious Microsoft Word documents and social engineering methods to trick users into enabling macros.

Once Ursnif infected into the machine it tries to spread the infection to all other Email address in the contact book and to trick the victims it makes the message to have appeared as a reply in the previous conversation.

Email Message and Infection – Ursnif Banking Trojan

The Email was written in incorrect Italian language and the documents appeared to be created from an older version of Microsoft Office that asks user’s to enable the macros.

The infection starts once the user enabled the macro’s, which launches a malicious script that downloads and executes the payload from the C&C server.

“The Ursnif banking Trojan can operate without being noticed by both the user and the Operating System because it is capable to inject its malicious code into the “explorer.exe” process, which is one the most important processes in the Microsoft’s OS.”

With the new variant of Ursnif different domains and different macros spotted, at the time of analysis researchers spotted most of the domain’s went offline.

All the domain’s appeared to be registered under the same Email [whois-protect[@]hotmail[.]com], “Investigating on the email address, we discovered that it was used to register about 1000 different domains.” researchers said.

Necurs botnet is one of the largest Malspam threat that distributes by cybercriminals to deliver various dangerous malware and ransomware based highly potential threats.

It also responsible for various ransomware attack operation like JAFF Ransomware, Scarab Ransomware, banking trojan Trickbot, and it played the biggest role of Locky Ransomware distribution with 23 million emails in just 24 hours.

This is the first time Ursnif campaign uses the Necurs botnet infrastructure, CSE CyberSec Enterprise published a full analysis report along with IOCs associated with the incident.

Comments

Tr0ll 1.0 – Vulnhub CTF Challenge Walkthrough

Tr0ll 1.0 is an intentionally vulnerable machine, which is more of a CTF like type than real world scenario. Nevertheless, this machine has its own difficulties and you can learn some new stuff from it. So, let’s start. Enumeration Phase Let’s first run netdiscover to find the IP of our machine. netdiscover -r 192.168.1.1/24 After that, we run our typical nmap scan to see the open ports in the machine. nmap -A -sS -Pn -vv [target] Great we see many interesting stuff here. First of all, there is an open FTP port and we can connect to it with anonymous access . Also there is an open http port, we will run a nikto scan for it. The ssh port will be valuable later. From the nikto scan we got an interesting /secret/ folder. When we get inside, we can understand why the machine got this name. Nothing interesting here, as you can see. we got trolled Let’s connect to the ftp server. When we get asked for the username we type ‘ anonymous ‘ and we l

Digital Marketing Services in noida

Red Securium Company Provide Digital Marketing Service In Noida Strengthen your brand positioning, awareness, revenue objectives and market share with our custom-built digital marketing services to suit their business needs. Get easily accessible to your target audience on mobiles and social networking sites across different platforms. Our cross-functional digital marketing experts offer end-to-end digital marketing solutions that are in step with your business's goals and policies. Our targeted digital marketing campaigns are custom-structured for helping you in strengthening your brand positioning, awareness, revenue objectives and market share. Digital Marketing Services Digital Marketing Service Social Network Marketing Service Seo Services Marketing PPC Marketing Service Social Media Marketing Sales Generation Services Mobile Marketing Service Content Marketing Service Event Marketing Service Video Marketing Service Video Lo

Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach

British and Dutch data protection regulators Tuesday hit the ride-sharing company Uber with a total fine of $1,170,892 (~ 1.1 million) for failing to protect its customers’ personal information during a 2016 cyber attack involving millions of users. Late last year, Uber unveiled that the company had suffered a massive data breach in October 2016, exposing names, email addresses and phone numbers of 57 million Uber riders and drivers along with driving license numbers of around 600,000 drivers. Besides this, it was also reported that instead of disclosing the breach at the time, the company paid $100,000 in ransom to the two hackers with access to the stolen data in exchange for keeping the incident secret and deleting the information. Today Britain’s Information Commissioner’s Office (ICO) fined Uber 385,000 pounds ($491,102), while the Dutch Data Protection Authority (Dutch DPA) levied a 600,000 euro ($679,790) penalty on Uber for failing to protect the personal informa

Red Securium

Search This Blog