Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

New phishing campaign uses 20-year-old Microsoft mess as bait


The ever-vigilant folk at the Internet Storm Centre (SANS) have spotted yet another campaign trying to drop the Locky ransomware using compromised Word files.

As Internet Storm Center handler Brad Duncan writes, the vector in the Word documents uses Microsoft Dynamic Data Exchange (DDE), a feature that lets Office application load data from another Office file. This is the kind of attack that last week was spotted in a phishing campaign launched at Freddie Mac.

Duncan outlines the attack approach in this flowchart:

Image: Brad Duncan, SANS

The phishing messages carrying this attack come from the Necurs botnet, he writes, and as with other DDE attacks the aim is to convince users to OK through the security warnings. A fake invoice is the scammers' preferred weapon.

If the attack cons the victim, the poisoned document fetches a downloader which in turn pulls a copy of Locky to decrypt at the target.

Once the ransomware's launched and it's encrypted the victim's hard drive,...(continued)

View All Trending Stories