The attack permits the malware to jump onto computers in a unique manner, using the ‘Range’ HTTPS header. The Ursnif malware is retrieved from the command and control server when the malware requests the file, but should a user browse to that location they see this JPG of the kangaroo below. The email uses a macro-laden Microsoft office document attachment, purporting to be from the Australian Taxation Office; with taxation proving to be a popular lure in 2016. The researchers also found that the malware authors made a mistake in their encryption routine, unintentionally making it easier for researchers to understand their techniques. Carl Leonard, principal security analyst at Raytheon|Websense have the following comments on it.