Researchers uncover PowerShell Trojan that uses DNS queries to get its orders

Delivered by “secure” Word doc, pure PowerShell malware fetches commands from DNS TXT records.

 

                          

 

Sean Gallagher

 

Researchers at Cisco’s Talos threat research group are publishing research today on a targeted attack delivered by a malicious Microsoft Word document that goes to great lengths to conceal its operations. Based entirely on Windows PowerShell scripts, the remote access tool communicates with the attacker behind it through a service that is almost never blocked: the Domain Name Service.

 

The malware was first discovered by a security researcher (@simpo13) who alerted Talos because of one peculiar feature of the code that he discovered: it called out Cisco’s SourceFire security appliances in particular with the encoded text, “SourceFireSux.”

 
