A new spam campaign that debuted last August is attempting to infect Turkish targets with the Adwind 3.0 remote access tool, using a previously undiscovered variant of a code injection attack that exploits Microsoft's Dynamic Data Exchange (DDE) data transfer protocol.
A key improvement to this variant is that it features new techniques to avoid anti-malware software detection, according to researchers from Cisco Systems' Talos division and ReversingLabs, who jointly studied the threat and both published blog posts detailing their observations.
The ongoing campaign, which commenced on Aug. 26 and peaked on Aug. 28, uses droppers with .csv or .xlt extensions, both of which are formats that Microsoft Excel opens by default. Naturally, the attackers are sending out phishing emails containing Excel attachments -- including one sample that attempted to entice victims with a message about the cost of footwear.