Locky – Page 4 – Computer Security Articles

Malicious macro using a sneaky new trick

January 23, 2017 admin antimalware, Antimalware research for IT pros and enthusiasts, Donoff, guidance, Locky, macro, Macro-based malware, malware, malware research, office, ransomware, Social engineering, VBA, VBAscript, Windows 10, Windows Defender, Word

We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t…

Microsoft Security

Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

January 23, 2017 admin Kovter, Locky, Macro-based malware, Malvertising campaign, maps, MSRT, ransomware, Trojan, Windows Defender, Windows Defender for Windows 10

Kovter is a malware family that is well known for being tricky to detect and remove because of its file-less design after infection. Users from United States are nearly exclusively being targeted, and infected PCs are used to perform click-fraud and install additional malware on your machine. Starting April 21, 2016, we observed a large…

Microsoft Security

JavaScript-toting spam emails: What should you know and how to avoid them?

January 23, 2017 admin AppLocker Group Policy, backdoor, JavaScript spam attachment, JS/Locky, JS/Nemucod, JS/Swabfex, Locky, Nemucod, Rensomware payload, sample JavaScript email attachments, sample JavaScript spam, spam, spam email vector, Swabfex, Tecrypt, Trojan, Windows Defender

We have recently observed that spam campaigns are now using JavaScript attachments aside from Office files. The purpose of the code is straightforward. It downloads and runs other malware. Some of the JavaScript downloaders that we’ve seen are: TrojanDownloader:JS/Swabfex TrojanDownloader:JS/Nemucod TrojanDownloader:JS/Locky The same JavaScript downloaders are also responsible for spreading the following ransomware: Ransom:Win32/Tescrypt Ransom:Win32/Locky…

Microsoft Security

Locky malware, lucky to avoid it

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, Bartallex, Locky, macro, macros, maps, Microsoft Active Protection Service, Office 16, Office 365 Advanced Threat Protection, Ransom:Win32/Locky.A, ransomware, Windows Defender blogs for home users and small businesses

You may have seen reports of the Locky malware circulating the web; we think this is a good time to discuss its distribution methods, and reiterate some best-practice methods that will help prevent infection. We’ve seen Locky being distributed by spam email, not in itself a unique distribution method, but this means that spreading is…