Author Topic: Fileless Powershell malware uses DNS as covert communication channel  (Read 21 times)

0 Members and 1 Guest are viewing this topic.

Offline Scarlett

  • Updates Moderator
  • *
  • Posts: 22996
Fileless Powershell malware uses DNS as covert communication channel
« Reply #1 on: March 03, 2017, 07:54:44 PM »
Fileless Powershell malware uses DNS as covert communication channel
3 March 2017, 6:01 pm



Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored.

The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems' Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign.

When opened, the file masquerades as a "protected document" secured by McAfee, an antivirus brand now owned by Intel Security. The user is asked to click on the enable content button in order to view the document's content, but doing so will actually execute malicious scripting embedded within.

To read this article in full or to leave a comment, please click here



Source: Network World Security

>> To obtain the full NetworkWorld Security article, click the link in the first post line <<

 


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2018 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by DSTM & PseFrank

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques



Smokey's also provides free fully qualified Log / Malware Analysis & Removal Help and System Health Checks