Makerere University

PowerSniff Malware Attacks Abuse Macros, PowerShell

A new piece of malware dubbed “PowerSniff” has been spotted by researchers in semi-targeted attacks aimed at users in the United States and some European countries.

The threat has been found to leverage macros and PowerShell, both of which have been increasingly abused in recent malware attacks.

According to researchers at Palo Alto Networks, PowerSniff is distributed via spam emails containing what appears to be a harmless Microsoft Word document. Experts observed roughly 1,500 spam emails last week, most of which included information associated with the recipient, including names, phone numbers, physical addresses and other company details.

Once the recipient opens the attached document, a malicious macro embedded in the file attempts to invoke the Windows Management Instrumentation (WMI) service, which is used to create a hidden instance of PowerShell, the automation tool used by many system administrators. Since macros are disabled by default in Office to prevent abuse by malware, users might have to explicitly allow the malicious macro to run, unless they changed settings to allow macros to run by default.
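
A detection sketch for the chain described above, added here as an example and not taken from the article or from Palo Alto Networks: a process created through WMI runs as a child of WmiPrvSE.exe, so the PowerShell instance does not show up as a child of Word. The records are constructed, use Sysmon Event ID 1 field names with timestamps simplified to whole seconds, and the five-minute window and severity labels are assumptions.

```python
import json
import ntpath
from datetime import datetime, timedelta

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
WMI_HOST = "wmiprvse.exe"
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed process-creation records (hosts, times and paths are made up).
SAMPLE_EVENTS = r"""
{"UtcTime": "2016-01-01 09:00:05", "Computer": "ws01", "Image": "C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe"}
{"UtcTime": "2016-01-01 09:00:41", "Computer": "ws01", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"}
{"UtcTime": "2016-01-01 11:30:00", "Computer": "srv02", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"}
{"UtcTime": "2016-01-01 12:00:00", "Computer": "ws03", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
"""

def base(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def triage(lines):
    """Return (host, time, severity) for each PowerShell start worth a look."""
    last_office = {}  # host -> time the most recent Office process started
    findings = []
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        when = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S")
        host = ev["Computer"]
        image, parent = base(ev["Image"]), base(ev["ParentImage"])
        if image in OFFICE:
            last_office[host] = when
        elif image in SHELLS and parent in OFFICE:
            findings.append((host, ev["UtcTime"], "high"))  # direct Office child
        elif image in SHELLS and parent == WMI_HOST:
            # The parent is WmiPrvSE.exe, not Word, so a rule keyed only on an
            # Office parent never sees this start. Correlate by host and time.
            seen = last_office.get(host)
            recent = seen is not None and when - seen <= WINDOW
            findings.append((host, ev["UtcTime"], "high" if recent else "review"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

WMI-launched PowerShell with no recent Office activity on the host is labelled "review" rather than dropped, since remote administration tools also start processes this way.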

Read more on this story: http://www.securityweek.com/powersniff-malware-attacks-abuse-macros-powershell
