
While the FBI continues to investigate the MedStar attacks and a series of other recent ransomware attacks, I decided to describe a case from my own experience when I received an encrypted file and opened it. What steps should I have been undertaking to protect my system from file-encrypting malware?

Background

Well, I received an email with the usual ‘please see attached document, or it’ll cost you lots of money’. Attached was a zip file with 2 files inside – a Word document and a JavaScript file:

I was surprised that the spammers are now using the latest version of Office as an excuse as to why you can’t read their (macro-enabled) document.

By the way – if you’re thinking that the image looks genuine, it’s because it is! It’s the ‘Upgrade to Windows 10’ box that pops up, just with some minor edits to the text.

Just for fun, I enabled macros in an isolated network environment and monitored what happened next using Process Monitor from Sysinternals. The Word document downloaded a base64-encoded text document, wrote it to the user’s %temp% folder, renamed it to. (The JavaScript file that was in the original zip file provides a similar experience.)
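The behaviour observed above (an Office process writing a file into %temp% and then renaming it) is the kind of thing a defender can pull out of a Process Monitor CSV export. The following is an added example, not code from the original post: it parses a constructed Procmon-style CSV (the column names follow Procmon's default export; the paths, PIDs and file names are made up) and flags files an Office process wrote under %temp% and later renamed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a Process Monitor CSV export (File > Save... as CSV).
# Column names follow Procmon's default export; paths, PIDs and names are made up.
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","WINWORD.EXE","4120","CreateFile","C:\\Users\\alice\\AppData\\Local\\Temp\\dl_stage.txt","SUCCESS","Desired Access: Generic Write"
"10:01:02.2","WINWORD.EXE","4120","WriteFile","C:\\Users\\alice\\AppData\\Local\\Temp\\dl_stage.txt","SUCCESS","Offset: 0, Length: 65536"
"10:01:02.9","WINWORD.EXE","4120","SetRenameInformationFile","C:\\Users\\alice\\AppData\\Local\\Temp\\dl_stage.txt","SUCCESS","ReplaceIfExists: True, FileName: C:\\Users\\alice\\AppData\\Local\\Temp\\stage_renamed.bin"
"10:01:05.0","WINWORD.EXE","4120","WriteFile","C:\\Users\\alice\\Documents\\invoice.docx","SUCCESS","Offset: 0, Length: 4096"
"10:01:06.0","explorer.exe","1234","WriteFile","C:\\Users\\alice\\AppData\\Local\\Temp\\thumb.db","SUCCESS","Offset: 0, Length: 512"
"""

# Office host processes whose file activity in %temp% is worth a second look.
OFFICE_PROCS = {"winword.exe", "excel.exe", "powerpnt.exe"}
TEMP_MARKER = "\\appdata\\local\\temp\\"  # user %temp% under a default Windows profile


def find_office_temp_drops(csv_text):
    """Return (process, pid, written_path, renamed_to) tuples for files an Office
    process wrote under %temp% and then renamed, the pattern seen in the post."""
    written = defaultdict(set)  # (process name, pid) -> temp paths it wrote
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() not in OFFICE_PROCS:
            continue
        key = (row["Process Name"], row["PID"])
        path = row["Path"]
        if TEMP_MARKER not in path.lower():
            continue
        if row["Operation"] == "WriteFile":
            written[key].add(path)
        elif row["Operation"] == "SetRenameInformationFile" and path in written[key]:
            # Procmon reports the new name in the Detail column as "FileName: <path>"
            new_name = row["Detail"].split("FileName:", 1)[1].strip()
            hits.append((key[0], key[1], path, new_name))
    return hits


if __name__ == "__main__":
    for hit in find_office_temp_drops(SAMPLE_PROCMON_CSV):
        print("Office process wrote and renamed a file in %temp%:", hit)
```

Run against a real export, the same function highlights the write-then-rename sequence the macro produced, while ordinary document saves and non-Office temp activity are ignored.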
