Talos, Cisco's security research outfit, have been researching a unique attack DNSMessenger which uses DNS queries to carry out malicious PowerShell commands on affected computers.
According to the Talos experts the infection chain begins with a rigged Word document sent to recipients who are encouraged to “enable content” so they can view a message. If enabled the document launches a Visual Basic for Applications (VBA) macro script that opens the initial PowerShell command that ultimately leads to the multistage attack and the eventual installing of a remote access Trojan.
More details can be read in Talos blog post here.
skip to main |
skip to sidebar
About Me
Microsoft Windows Insider MVP 2016-2020
Blog Archive
-
▼
2017
(142)
-
▼
March
(12)
- VMware Updates Available
- ITunes 12.6 Released
- New PHP Versions Released
- Shockwave Player Update Available
- Adobe Flash Player Update Available
- Microsoft Security Updates For March 2017
- ESET Monthly Threat Report: February 2017
- Google Chrome Updated
- Symantec Intelligence Report: February 2017
- Updates To Mozilla Products Released
- WordPress 4.7.3 Released
- DNSMessenger
-
▼
March
(12)
No comments:
Post a Comment