A new spam campaign that debuted last August is attempting to infect Turkish targets with the Adwind 3.0 remote access tool, using a previously undiscovered variant of a code injection attack that exploits Microsoft's Dynamic Data Exchange (DDE) data transfer protocol.

A key improvement to this variant is that it features new techniques to avoid anti-malware software detection, according to researchers from Cisco Systems' Talos division and ReversingLabs, who jointly studied the threat and both published blog posts detailing their observations.

The ongoing campaign, which commenced on Aug. 26 and peaked on Aug. 28, uses droppers with .csv or .xlt extensions, both of which are formats that Microsoft Excel opens by default. Naturally, the attackers are sending out phishing emails containing Excel attachments -- including one sample that attempted to entice victims with a message about the cost of footwear.
