In the past few years, one of the major improvements in the Windows environment has been PowerShell. With its Unix-style scripting capabilities, automating Windows administration tasks became possible. One of the major advantages of PowerShell is that it supports most Microsoft products, from MS Office to enterprise-level applications such as MS SharePoint and MS Exchange.
But is it possible to use PowerShell for malicious purposes? You may remember Melissa, which was written as an MS Office macro, but that was in 1999. Is it still possible?
According to TrendMicro[1], new malware written in PowerShell has been discovered: CRIGENT (aka Power Worm). TrendMicro has detected two malicious files (W97M_CRIGENT.A and X97M_CRIGENT.A). These files arrive in an infected Word or Excel file.
The malware downloads and installs Tor and Polipo, then connects to its command and control (C&C) server. It collects some information from the user's machine (such as IP address, user account privileges, version, latitude...) and sends it to the C&C server. In addition, Power Worm infects other Word/Excel files, disables macro alerts, and downgrades the infected file from DOCX/XLSX to DOC/XLS.
The best way to stop such malware is to disable macros and not open any file from an untrusted source.
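To check whether macro alerts are still in place on a machine, the following added example (not part of the original post or of TrendMicro's report) audits the current user's Word and Excel macro settings. It assumes the relevant settings are the standard Office `VBAWarnings` and `AccessVBOM` registry values; the post does not say which setting CRIGENT changes.

```powershell
# Added example: audit per-user Office macro settings for Word and Excel.
# Assumption: a weakened macro setting shows up in VBAWarnings / AccessVBOM.
# VBAWarnings: 1 = enable all macros, 2 = disable with notification,
#              3 = disable except digitally signed, 4 = disable without notification.
$meaning = @{
    1 = 'Enable all macros (no alert)'
    2 = 'Disable with notification'
    3 = 'Disable except digitally signed'
    4 = 'Disable without notification'
}
# User settings and, if present, settings pushed by Group Policy.
$roots = 'HKCU:\Software\Microsoft\Office', 'HKCU:\Software\Policies\Microsoft\Office'
$apps  = 'Word', 'Excel'

function Get-MacroSetting {
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        # Office version subkeys are named like 12.0, 14.0, 15.0, 16.0.
        $versions = Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match '^\d+\.\d+$' }
        foreach ($ver in $versions) {
            foreach ($app in $apps) {
                $key = Join-Path $ver.PSPath "$app\Security"
                if (-not (Test-Path $key)) { continue }
                $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
                $vba   = $props.VBAWarnings   # $null when the value is absent
                $vbom  = $props.AccessVBOM    # 1 = code may access the VBA project model
                [pscustomobject]@{
                    Key         = $key -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                    App         = $app
                    VBAWarnings = $vba
                    Meaning     = if ($null -ne $vba) { $meaning[[int]$vba] }
                                  else { 'Not set (application default)' }
                    AccessVBOM  = $vbom
                    # Flag settings that let macros run silently or edit VBA projects.
                    Weak        = ($vba -eq 1) -or ($vbom -eq 1)
                }
            }
        }
    }
}

Get-MacroSetting | Sort-Object Weak -Descending | Format-Table -AutoSize
```

Rows with `Weak` set to `True` are the ones to review and reset, ideally through Group Policy so that a user-level change cannot override them.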