SEC spoofed, malware hosted on US gov't server in new DNS attack

screen-shot-2017-10-12-at-08-30-38.jpg File Photo

Researchers have discovered a new version of the DNS Messenger attack which masquerades as the US Securities and Exchange Commission (SEC) and hosts malware on compromised government servers.

On Wednesday, security researches from Cisco Talos revealed the results of an investigation into DNS Messenger, a fileless attack which uses DNS queries to push malicious PowerShell commands on compromised computers.

A new version of this attack, which the team say is "highly targeted in nature," now attempts to compromise victim systems by pretending to be the SEC Electronic Data Gathering Analysis, and Retrieval (EDGAR) system -- recently at the heart of a data breach related to financial fraud -- in specially crafted phishing email campaigns.

These spoofed emails made them seem legitimate, but should a victim open them and download a malicious attachment contained within, a "multi-stage infection process" begins.

The malicious attachments used in this campaign are Microsoft Word documents. However, rather than using macros or OLE objects to gain a foothold into a system, the threat actors used a less common method of infection, Dynamic Data Exchange (DDE), to perform code execution and install a remote access Trojan (RAT).

http://www.zdnet.com/article/sec-spoofed-malware-hosted-on-us-govt-...

Views: 164

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

Doc Vega posted a blog post

Three Must See Movies for Halloween

Grab Your Popcorn and Settle In!  If you really want to get in the mood for Halloween and you like…See More
1 hour ago
Bob of the Family Renner posted photos
3 hours ago
Doc Vega posted a blog post

Terror on All Hallows Eve

Chapter IElizabeth was angry. All of her friends were going to be out on Halloween, but her. She…See More
yesterday
Jeff favorited Jeff's profile
yesterday
Jeff favorited Jeff's profile
yesterday
Jeff favorited Doc Vega's profile
yesterday
Jeff is now a member of 12160 Social Network
Sunday
Doc Vega posted blog posts
Friday
tjdavis posted a video

How Corporations Are Secretly Poisoning Our Food Supply

Dupont and 3M have been secretly poisoning America for decades. PFAs — also known as forever chemicals—are now in our food, water, clothes, and our blood. Th...
Friday
Doc Vega posted a blog post

They Won’t Stop

 The demonically driven left will not stop. Makes no difference how much violence they call for or…See More
Oct 22
Doc Vega posted a blog post

What US Scientist unwittingly helped the Nazis devise the V-2 Missile?

  In the early 1920’s and leading up to World War II German technology outpaces the peace time…See More
Oct 20
tjdavis favorited Sandy's video
Oct 19
tjdavis posted a photo
Oct 19
Christopher Walker is now a member of 12160 Social Network
Oct 19
tjdavis posted videos
Oct 19
Burbia commented on tjdavis's photo
Thumbnail

Reflection

"Let's see if this goes past indictment."
Oct 18
Doc Vega commented on Doc Vega's blog post Something Watches From Out there in the Wilderness
"cheeki kea That's very interesting history. So many things about history that go ignored or…"
Oct 18
Burbia commented on Burbia's video
Oct 18
Burbia posted a video

Programmed To Kill/Satanic Cover-Up Part 433 (The Charlie Kirk Conspiracy Show)

https://www.programmedtokill.net/projects---- DISCLAIMER! ----Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair u...
Oct 18
cheeki kea commented on cheeki kea's photo
Thumbnail

American werewolf- 2018

"Yip I've looked again and this is what the creature looks like, even has stripes just like…"
Oct 18

© 2025   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted