Researchers spot macro malware used to spread Neutrino

Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot, also known as Kasidet, via spearphishing emails.

Over the past two weeks, attackers have been using the same Visual Basic for Applications (VBA) macros in Microsoft Office documents that have been leveraged to place Dridex to drop Neutrino as well, according to a Jan. 29 security post.

The malicious Office documents are spread as attachments to spearphishing emails, researchers said in the post.

Once downloaded, researchers observed the particular strain of Neutrino stealing information from users' machines through memory scraping and browser hooking.

Macro malware, which uses macros found in Microsoft Office products, saw its heyday in the late '90s, when it was first observed and known as the Melissa virus.

Microsoft had taken security steps, including adding a permissions step for users of Office documents, to help curtail the problem, but a new and improved version was spotted late last year.

Office macros have also been used as a vector to spread banking Trojans and the BlackEnergy Trojan of late, researchers said in the post.

Researchers said the shared methods don't necessarily establish any links between the authors of the two malware families.
