Malicious Email Campaign that Drops Ursnif

By   ISBuzz Team
Writer , Information Security Buzz | Jan 13, 2016 06:00 pm PST

The attack delivers the malware in an unusual way, using the HTTP 'Range' request header. When the malware requests the file from the command-and-control server it receives the Ursnif binary, but a user who browses to the same location sees only a JPG of a kangaroo. The email carries a macro-laden Microsoft Office document attachment purporting to come from the Australian Taxation Office, tax themes being a popular lure in 2016. The researchers also found that the malware authors made a mistake in their encryption routine, unintentionally making it easier for researchers to understand their techniques. Carl Leonard, Principal Security Analyst at Raytheon|Websense, has the following comments.
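How the two-faced download described above can work in practice, as an added example that is not code from the original article or from Raytheon|Websense (the page says only that the C2 returns the Ursnif binary to the malware's Range request and a kangaroo JPG to a browser). The block models a server handler that keys on an assumed fixed Range value, the two client fetches, and a check over constructed proxy log lines that flags Range requests against image URLs when the client sends no browser User-Agent or asks for bytes past the object's observed size. The hostname, paths, Range value and log format are assumptions.

```python
"""
Two-faced download plus a log-side check for it.

A plain GET for the image URL returns a benign JPEG; a GET carrying the Range
value the dropper uses returns the executable payload as a 206 Partial Content
response, which looks like an ordinary resumed download. Example code written
for this article, not Raytheon|Websense's research code; the Range value,
hostname, paths and log lines are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Constructed stand-ins for the real files: the start of a JPEG (SOI marker
# followed by a JFIF APP0 segment header) padded to 64 bytes, and a fake PE
# image (MZ header) standing in for the Ursnif binary.
BENIGN_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 53
PAYLOAD = b"MZ" + b"\x90" * 62

# Assumption: the dropper asks for a fixed range and the server keys on it.
DROPPER_RANGE = "bytes=5000-"
IMAGE_PATH = "/kangaroo.jpg"


@dataclass
class Response:
    status: int
    headers: dict
    body: bytes


def serve(path: str, headers: dict) -> Response:
    """Server side: one URL, two bodies, selected by the Range header."""
    if path != IMAGE_PATH:
        return Response(404, {"Content-Type": "text/plain"}, b"not found")
    if headers.get("Range") == DROPPER_RANGE:
        start = 5000
        end = start + len(PAYLOAD) - 1
        # 206 with an image Content-Type: nothing in the headers betrays it.
        return Response(
            206,
            {"Content-Type": "image/jpeg",
             "Content-Range": f"bytes {start}-{end}/*"},
            PAYLOAD,
        )
    return Response(200, {"Content-Type": "image/jpeg"}, BENIGN_JPEG)


def browser_view(path: str = IMAGE_PATH) -> Response:
    """What an analyst sees when opening the URL in a browser."""
    return serve(path, {"User-Agent": "Mozilla/5.0", "Accept": "image/*"})


def dropper_fetch(path: str = IMAGE_PATH) -> Response:
    """What the macro-dropped loader sends: a bare ranged GET."""
    return serve(path, {"Range": DROPPER_RANGE})


def is_jpeg(body: bytes) -> bool:
    return body.startswith(b"\xff\xd8\xff")


def is_pe(body: bytes) -> bool:
    return body.startswith(b"MZ")


# Constructed proxy log (assumed format): time client method url status bytes
# "user-agent" "range"; "-" marks an absent header.
PROXY_LOG = """\
10:01:02 10.0.0.7 GET http://203.0.113.5/kangaroo.jpg 200 64 "Mozilla/5.0" "-"
10:01:09 10.0.0.9 GET http://203.0.113.5/kangaroo.jpg 206 64 "-" "bytes=5000-"
10:01:15 10.0.0.7 GET http://203.0.113.5/logo.png 206 1200 "Mozilla/5.0" "bytes=0-1199"
"""

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d+) (?P<bytes>\d+) "(?P<ua>[^"]*)" "(?P<range>[^"]*)"$'
)
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")


def parse_range_start(value: str):
    """First byte offset of a 'bytes=N-M' range; None for suffix/odd forms."""
    m = re.match(r"bytes=(\d+)-", value)
    return int(m.group(1)) if m else None


def find_suspicious_range_requests(log: str):
    """Flag 206 image fetches with no browser UA or a range past the object."""
    full_size = {}  # url -> size seen on an un-ranged 200 response
    hits = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        url, status = rec["url"], int(rec["status"])
        if status == 200 and rec["range"] == "-":
            full_size[url] = int(rec["bytes"])
        if status == 206 and url.lower().endswith(IMAGE_EXT):
            start = parse_range_start(rec["range"])
            reasons = []
            if rec["ua"] == "-":
                reasons.append("no browser User-Agent")
            if url in full_size and start is not None and start >= full_size[url]:
                reasons.append(f"range starts at {start}, object is {full_size[url]} bytes")
            if reasons:
                hits.append((rec["client"], url, "; ".join(reasons)))
    return hits
```

Most proxies do not log the Range header by default, so the check only works where it has been added to the log format; the object-size heuristic also needs someone to have fetched the image normally first, which makes the missing User-Agent the more portable of the two signals.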

Carl Leonard, Principal Security Analyst at Raytheon|Websense:

“Cybercriminals are always on the lookout for new ways of fooling unsuspecting victims into running their malicious code and evading researchers and investigators.

“Financially motivated crime remains more popular than ever among these actors and they will use any means necessary to obtain user credentials and personal information. It is vital that users remain aware of suspicious emails and never open anything they are unsure about or that is from someone they don’t know.

“However, this attack also provides proof that cybercriminals are humans and as such they will make mistakes, which we as defenders can use to our advantage.”

About Raytheon|Websense

Raytheon Company (NYSE: RTN) and Vista Equity Partners completed a joint venture transaction creating a new company that combines Websense, a Vista Equity portfolio company, and Raytheon Cyber Products, a product line of Raytheon’s Intelligence, Information and Services business. The newly-formed commercial cybersecurity company will be known on an interim basis as Raytheon|Websense. The company expects to introduce a new brand identity upon completion of standard organisational integration activity.
