Email malware attacks have been present for over 2 decades, and even in 2019 the dangers still exist, as documented in this informative ISC research. New malware attack designs now use PowerShell and other modern concepts to evade detection.

I did some research into the delivery of the malicious documents I analyzed this weekend. I obtained several emails used to deliver these malicious documents as attachments. It started February 4th. All these emails are replies to existing emails, some to emails many years old. This PowerShell script downloads and executes 2 items (strictly speaking, 3 downloads, but that’s another story):

(1) Another PowerShell script
(2) A Windows EXE (PE file)

My hypothesis is the following: the downloaded PowerShell script is an email virus. It uses ActiveX automation to browse through the Outlook inbox of the user that opened the malicious document, and selects one or more received emails to reply to. The PowerShell script sends replies with the message I mentioned above, and a malicious document attached (inside a password-protected ZIP file).
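A mail-gateway triage check for the delivery pattern described above (a reply to an existing thread that carries a password-protected ZIP), added here as an example and not taken from the ISC research. The function names, addresses, message IDs and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted

def encrypted_zip_names(msg):
    """Return filenames of ZIP attachments holding at least one encrypted entry."""
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(i.flag_bits & ZIP_ENCRYPTED for i in zf.infolist()):
                    hits.append(part.get_filename())
        except zipfile.BadZipFile:
            continue  # attachment is not a ZIP archive
    return hits

def triage(raw):
    """Flag a message that is both a thread reply and carries an encrypted ZIP."""
    msg = message_from_bytes(raw, policy=policy.default)
    reply = bool(msg["In-Reply-To"] or msg["References"])
    zips = encrypted_zip_names(msg)
    return {"reply": reply, "encrypted_zips": zips, "flag": reply and bool(zips)}

def build_sample(reply, encrypted):
    """Constructed test message; only the header flag is set, nothing is really encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.txt", b"placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:
        blob[6] |= ZIP_ENCRYPTED  # flags field of the local file header
        blob[blob.find(b"PK\x01\x02") + 8] |= ZIP_ENCRYPTED  # central directory
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.com", "b@example.com"
    msg["Subject"] = "RE: constructed old thread"
    if reply:
        msg["In-Reply-To"] = "<constructed-1@example.com>"
    msg.set_content("See attached.")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="info.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for r, e in [(True, True), (True, False), (False, True)]:
        print(r, e, triage(build_sample(r, e)))
```

Legitimate replies also carry encrypted archives, so the flag is a reason to quarantine for review rather than a verdict; the archive contents cannot be scanned without the password, which is why the ZIP header bit is the usable signal.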