A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros



 
 
Thread Tools Display Modes
  #1  
Old May 25th 20, 01:33 AM posted to microsoft.public.windowsxp.general
Arlen Holder[_9_]
external usenet poster
 
Posts: 416
Default Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros

Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros
https://www.techspot.com/news/85356-microsoft-warns-massive-phishing-campaign-leveraging-excel-40.html

"We're tracking a massive campaign that delivers the legitimate remote
access tool NetSupport Manager using emails with attachments containing
malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12
and has so far used several hundreds of unique attachments."

"The emails claim to originate from The Johns Hopkins Center with titles
like "WHO COVID-19 SITUATION REPORT." The emails contain attached Microsoft
Excel files alleged to contain statistics on Covid-19 cases, and if opened,
will use Excel 4.0 macros to install and run NetSupport Manager. While
NetSupport Manager is a legitimate tool for remote control and desktop
access, Microsoft claims it's known to be abused by attackers to run code
on compromised machines."

"From there, the NetSupport RAT (Remote Access Tool) connects to a C2
server to administer more commands, and also runs "several .dll, .ini, and
other .exe files, a VBScript, and an obfuscated PowerSploit-based
PowerShell script."
https://twitter.com/MsftSecIntel/status/1262504864694726656
Ads
  #2  
Old May 25th 20, 01:06 PM posted to microsoft.public.windowsxp.general
JJ[_11_]
external usenet poster
 
Posts: 744
Default Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros

On Mon, 25 May 2020 00:33:24 -0000 (UTC), Arlen Holder wrote:
Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros
https://www.techspot.com/news/85356-microsoft-warns-massive-phishing-campaign-leveraging-excel-40.html

"We're tracking a massive campaign that delivers the legitimate remote
access tool NetSupport Manager using emails with attachments containing
malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12
and has so far used several hundreds of unique attachments."

"The emails claim to originate from The Johns Hopkins Center with titles
like "WHO COVID-19 SITUATION REPORT." The emails contain attached Microsoft
Excel files alleged to contain statistics on Covid-19 cases, and if opened,
will use Excel 4.0 macros to install and run NetSupport Manager. While
NetSupport Manager is a legitimate tool for remote control and desktop
access, Microsoft claims it's known to be abused by attackers to run code
on compromised machines."

"From there, the NetSupport RAT (Remote Access Tool) connects to a C2
server to administer more commands, and also runs "several .dll, .ini, and
other .exe files, a VBScript, and an obfuscated PowerSploit-based
PowerShell script."
https://twitter.com/MsftSecIntel/status/1262504864694726656


What's dangerous is not the phishing mails or the malware code which comes
with them. It's the victims.
  #3  
Old May 25th 20, 02:19 PM posted to microsoft.public.windowsxp.general
Tim Slattery[_2_]
external usenet poster
 
Posts: 223
Default Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros

Arlen Holder wrote:

Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros
https://www.techspot.com/news/85356-microsoft-warns-massive-phishing-campaign-leveraging-excel-40.html

"We're tracking a massive campaign that delivers the legitimate remote
access tool NetSupport Manager using emails with attachments containing
malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12
and has so far used several hundreds of unique attachments."

"The emails claim to originate from The Johns Hopkins Center with titles
like "WHO COVID-19 SITUATION REPORT."


I've gotten bunches of emails recently with Excel macro-enabled files
(xlsm) attached. I think I've seen this one, but most of them purport
to be bills from someplace I've heard of but have not done any
business with. NOD32 is doing a pretty good job of weeding them out.

--
Tim Slattery
tim at risingdove dot com
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 10:31 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.