SEC spoofed, malware hosted on US gov't server in new DNS attack

screen-shot-2017-10-12-at-08-30-38.jpg File Photo

Researchers have discovered a new version of the DNS Messenger attack which masquerades as the US Securities and Exchange Commission (SEC) and hosts malware on compromised government servers.

On Wednesday, security researches from Cisco Talos revealed the results of an investigation into DNS Messenger, a fileless attack which uses DNS queries to push malicious PowerShell commands on compromised computers.

A new version of this attack, which the team say is "highly targeted in nature," now attempts to compromise victim systems by pretending to be the SEC Electronic Data Gathering Analysis, and Retrieval (EDGAR) system -- recently at the heart of a data breach related to financial fraud -- in specially crafted phishing email campaigns.

These spoofed emails made them seem legitimate, but should a victim open them and download a malicious attachment contained within, a "multi-stage infection process" begins.

The malicious attachments used in this campaign are Microsoft Word documents. However, rather than using macros or OLE objects to gain a foothold into a system, the threat actors used a less common method of infection, Dynamic Data Exchange (DDE), to perform code execution and install a remote access Trojan (RAT).

http://www.zdnet.com/article/sec-spoofed-malware-hosted-on-us-govt-...

Views: 164

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

Doc Vega posted a blog post
1 hour ago
pohonemas33 team commented on tjdavis's photo
Thumbnail

DejaVu

"nice very goodjob, i wish you can visit official situs pohonemas33"
8 hours ago
Sandy posted a photo
17 hours ago
Doc Vega posted a blog post
yesterday
Saint Quinn favorited Burbia's video
yesterday
Doc Vega posted blog posts
Thursday
Burbia commented on tjdavis's blog post The Jewish Couple That Taught Bob Dylan Hebrew and Introduced Him to Zionism
"Haaretz put this story behind a pay wall. Sali Ariel and Terry Noble were the names of the couple…"
Wednesday
William Heckman is now a member of 12160 Social Network
Wednesday
cheeki kea commented on tjdavis's photo
Wednesday
cheeki kea commented on cheeki kea's video
Thumbnail

This Woman DESTROYED Harley-Davidson's Future Forever

"It's a sad day on the highway. But I guess the show must go on. Watch out for the ruination of…"
Wednesday
cheeki kea posted a video

This Woman DESTROYED Harley-Davidson's Future Forever

This Woman DESTROYED Harley-Davidson's Future ForeverWelcome to Ride Radar – Your Frontline Source for Motorcycle Deals, Trends & Market Mayhem.Looking for t...
Wednesday
tjdavis posted a photo
Wednesday
Burbia posted a status
"Who knew releasing the MLK files and literally deflecting, it ends up implicating himself with the Epstein Files."
Tuesday
Burbia posted a video

Dan Bilzerian DEMOLISHES MAGA Nutjob Patrick Bet-David on His Own Show

Watch as two powerhouse personalities collide in this no-holds-barred debate on one of the world’s most contentious issues. Patrick Bet-David, known for his ...
Monday
Doc Vega's 7 blog posts were featured
Jul 20
tjdavis's 2 blog posts were featured
Jul 20
Less Prone favorited tjdavis's blog post Track AIPAC
Jul 20
FREEDOMROX's blog post was featured

MRNA VACCINES: Question

Hello my fellow sojourners,I know it has been five years since the Plandemic, but one question has…See More
Jul 20
Less Prone favorited FREEDOMROX's blog post MRNA VACCINES: Question
Jul 20
cheeki kea commented on cheeki kea's photo
Jul 19

© 2025   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted