Share Blog post
The banking trojan has been around for about a decade although in different avatars. It has been found using emails as the vector and also inducing infected PC users to spill their credentials by performing ‘web injects’. Typically, it used fake forms to phish for user credentials. Users should be more careful and always confirm the legitimacy of the link before clicking it.
QtBot used to distribute malware
Security researchers have observed that Necurs malspam campaigns are distributing Microsoft Office documents that are abusing Microsoft Dynamic Data Exchange (DDE). Then, these documents download an intermediate downloader — QtBot — which is used as a replacement for malicious VBScripts. The intermediate malware is known to download TrickBot and Locky ransomware.
The driver installation package will install a root CA certificate into the Windows trusted root certificate store. To complete the process, Savitech added the root certificate package for users along with the software bundle. However, the issue here is that this process was used on Windows XP and no more needed for later operating system versions. This could be misused by hackers and impersonate websites and other services. Users are encouraged to manually remove the certificate.
OpenSSL patches flaws
The two vulnerabilities with low and medium severity, that was discovered by using Google’s open source OSS-Fuzz fuzzing service. The two vulnerabilities — CVE-2017-3736 (medium severity) and CVE-2017-3735 — reported are fully patched. Users of OpenSSL 1.1.0 should upgrade to 1.1.0g.
Posted on: November 03, 2017
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.