stopmalvertising.com - Stop Malvertising

Description: Stop Malvertising investigates current Malware Trends and the distribution of malware exploits through online advertising networks.

security news (17) black hat seo (16) scareware (3) stop malvertising (2) malvertizing (2) malvertisement (2) malicious flash advertising (2) browser exploits (2) fake antivirus (2) fake security software (2)

Example domain paragraphs

When the victim clicks the malicious .LNK file, it opens a CMD window and creates an .HTA file, which downloads an XML file containing a JS script, which in turn downloads several other files from 1 out of 39 possible locations using BITSAdmin (Microsoft Background Intelligent Transfer Service).

The email poses as a spoofed business-to-business email exchange regarding order and shipping information and has two attachments named BHBW-P412536.xls (which is actually in .XLSX file format) and BHBW-P412537.csv.

I initially started a thread on Twitter but due to the length I’ve decided to turn the Twitter topic into a blog post in order to improve overall readability. Let’s dive into our analysis without any further delay!

Links to stopmalvertising.com (8)