Followers

Monday, 17 October 2016

Symantec observed a surge of spam emails using malicious WSF files

Source: securityaffairs.co --- Sunday, October 16, 2016
Symantec observed a significant increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments. Experts from Symantec are observing a significant increase in the number of email-based attacks leveraging malicious Windows Script File (WSF) attachments. Over the past three months, threat actors have adopted the tactic in the wild, mostly criminal organizations behind ransomware campaign. “In the past two weeks, Symantec has blocked a number of major campaigns distributing Locky ( Ransom.Locky ) which involved malicious WSF files.” reads a blog post from Symantec. A Windows Script File (WSF) is a file type that allows mixing the scripting languages, such as Pyton, JScript and VBScript within a single file. WSF files are opened and executed by the Windows Script Host (WSH), they can be launched like a common executable file. Symantec highlighted that .wsf files are not automatically blocked by some email clients. Threat actors used malicious Windows Script File files in a number of recent major spam campaigns spreading ransomware link Locky . Symantec blocked more than 1.3 million emails bearing the subject line “Travel Itinerary” between October 3 and 4. In this campaign, hackers leveraged on malicious emails purported to come from a major airline that came with Windows Script File file within a .zip archive. Symantec added that on October 5, the same threat actor launched a new massive spam camp ...



from Windows http://ift.tt/2ekGJGm

No comments:

Post a Comment