Over two months ago, we wrote about phishing emails that contained zip files containing html downloaders to versions of CryptoWall. Fast forward to now, and we’re still seeing the same phishing story, but different attachments. Here’s a screenshot:
In March of this year, there were reports of malspam campaigns using email-attached “.doc.js” files, which tied back to the Kovter and Boaxxe click-fraud trojans. The analysis of these malware families has already been well documented here and here. Therefore, this post will concentrate on the botnet behind the malspam delivery and the subsequent download for these recent malspam campaigns. It is believed that the miscreants behind the development of these trojans use an affiliate model, having botnet or exploit kit operators infect victims with their malicious wares.
Hello everyone, and thank you for coming to check out the Yara CTF answers! We had a TON of folks who were interested in the challenge, many submitted answers, and many enjoyed the challenges. Some of the best feedback we received was “This was the shortest plane ride over to Vegas. Thanks, PhishMe!”
LEESBURG, Va., August 17, 2015 – PhishMe® Inc., the leading provider of phishing threat management solutions that empower employees to be a layer of human security sensors against phishing, malware, and drive-by attacks, today announced that Inc. Magazine has named it one of the 2015 Top 5000 Fastest-Growing Private Companies in the U.S. PhishMe ranked in the 89th percentile of all companies evaluated. Among security companies, it ranked in the top 10 nationwide and No. 2 in the State of Virginia.
LEESBURG, Va. and LAS VEGAS – August 5, 2015 – PhishMe® Inc., the leading provider of phishing threat management solutions that empower employees to be a layer of human security sensors against phishing, malware, and drive-by attacks, today announced enhancements to its PhishMe Triage product. Triage is the industry’s only anti-phishing solution that leverages human intelligence to provide security operations center (SOC) analysts and incident response teams with real-time, automated analysis and insights into live phishing attacks against their organizations. New to Triage are:
Welcome and good luck on the CTF!
Password: “Go forth and hack!!##one1”, no quotes.
One of the challenges is to write an exploit, so please exercise responsible disclosure on this one! We will be working with the developers to get the code patched ASAP!
Please note: Challenge #4 contains a typo, it needs a Yara rule, not a key. Sorry for the error.
Deadline for submissions: We will close the contest at 8 AM (PDT) on Thursday, August 6.
People are often curious about what percentage of users will fall for a phishing attack, and it’s tempting to try to create this kind of statistic. At PhishMe, we’ve found that trying to assign a blanket statistic is counterproductive – however this hasn’t stopped others in the industry from trying to do so. The most recent company to try is Intel Security (formerly McAfee), which declared that 97% of people globally were unable to correctly identify phishing emails. While this statistic certainly makes for a nice headline, it is broad-based and flawed in a number of ways.
For a long time, attackers have used .zip files in order to carry their bad stuff to organizations. Typically attackers include the malware as an .exe or screensaver file in the .zip, but we’ve noticed attackers trying to tell a different story in a recent wave of attacks. Here’s a screenshot of one of the emails:
Once opened, the user is prompted to download a .zip file. We can see this in the iframe of the html file inside, as well as in the .zip file that is downloaded.