New Trickbot Delivery Method Focuses on Windows 10

silversurfer

Researchers have identified the use of Windows 10 functionality to automatically execute the OSTAP JavaScript downloader on victim machines. In their investigation, they found other attack groups abusing the same control, and earlier controls, with a slightly different technique.

The functionality being exploited is the latest version of the remote desktop ActiveX control class introduced for Windows 10, Morphisec Labs analysts explain in a blog post. Over the past few weeks, they have identified "a couple dozen documents" that execute the OSTAP JavaScript downloader.

Attackers use the ActiveX control to automatically execute a malicious macro after a victim enables a document. Most documents held an image to convince people to enable the content. Doing this executed the malicious macro; however, the image also concealed an ActiveX control below it. The OSTAP downloader is hidden in white text so it's invisible to people but can be read by machines. Researchers report this technique will work only on Windows 10 devices.

"As newer features are introduced to a constantly updating OS, so too the detection vendors need to update their techniques to protect the system," according to the blog post. "This often creates very exhaustive and time-consuming work, which in turn can lead to the opposite effect of pushing defenders even farther behind the attacker." Trickbot attackers are taking advantage of this.

Read more details here.
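A defender-side triage for the document layout described in the post above, as an added example that is not part of the original post or the cited research. It assumes OOXML (`.docm`) input and flags files that combine a VBA project, an embedded ActiveX control part and white-coloured text runs; the function names and the sample document are constructed for illustration, and the class ID is a placeholder.

```python
import io
import re
import zipfile

# Part names and attributes as used inside OOXML Word packages.
ACTIVEX_PART = re.compile(r"^word/activeX/activeX\d+\.xml$")
CLASSID = re.compile(rb'ax:classid="(\{[0-9A-Fa-f-]+\})"')
WHITE_RUN = re.compile(rb'<w:color\b[^>]*w:val="(?:FFFFFF|ffffff)"')


def triage_docm(data: bytes) -> dict:
    """Return the indicators found in one OOXML Word document."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        ax_parts = [n for n in names if ACTIVEX_PART.match(n)]
        classids = [m.decode() for n in ax_parts for m in CLASSID.findall(zf.read(n))]
        body = zf.read("word/document.xml") if "word/document.xml" in names else b""
    result = {
        "has_macro": "word/vbaProject.bin" in names,
        "activex_parts": ax_parts,
        "activex_classids": classids,  # compare against an allowlist of expected controls
        "white_text_runs": len(WHITE_RUN.findall(body)),
    }
    # Each indicator alone is common; the combination is what the post describes.
    result["suspicious"] = bool(result["has_macro"] and ax_parts and result["white_text_runs"])
    return result


def build_sample(with_activex: bool) -> bytes:
    """Constructed sample: a minimal zip carrying the part names Word uses."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml",
                    '<w:document><w:r><w:rPr><w:color w:val="FFFFFF"/></w:rPr>'
                    '<w:t>placeholder hidden text</w:t></w:r></w:document>')
        zf.writestr("word/vbaProject.bin", b"\x00placeholder")
        if with_activex:
            # Placeholder class ID, not the control named in the research.
            zf.writestr("word/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{00000000-0000-0000-0000-000000000000}"/>')
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_docm(build_sample(True)))
```
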
 

Andy Ful

The old problem with Windows. New features, new dangers. :unsure:
It looks like Microsoft would like to support cybercriminals because Windows became so secure, and they could die from hunger. :)
 

Andy Ful

But look a little .......😁😁
Strange that cyber criminals focus on W10 when most would prefer that they focus on Windows XP, Windows Vista, Windows 7 .......

It is probably true (as you suggest in your joke :) ) that Windows 10 can be the most attacked system because it is now the most popular one. Anyway, this can be compensated by the fact that it is also the most secure one. Most of the successful attacks on institutions, organizations, and enterprises were possible due to unpatched vulnerabilities - almost all of them could be patched long before the attack.
It can also be true that Windows XP will be the most secure system in 5 years, because it will be almost impossible to find it installed on any machine. :)
 

Sampei Nihira

It is probably true (as you suggest in your joke :) ) that Windows 10 can be the most attacked system because it is now the most popular one. Anyway, this can be compensated by the fact that it is also the most secure one. Most of the successful attacks on institutions, organizations, and enterprises were possible due to unpatched vulnerabilities - almost all of them could be patched long before the attack.
It can also be true that Windows XP will be the most secure system in 5 years, because it will be almost impossible to find it installed on any machine. :)

True, W.10 is the safest Windows OS of the previous ones.
It doesn't seem difficult to me.;)
Like tomorrow, an OS W.11 will be safer than the current one.

But how much more code than W.XP is there in an OS W.10?
So much so that there are certainly dangerous vulnerabilities just waiting to be discovered.(y)
Malware-writers today develop malware that targets this unique Windows OS in the vast majority of cases.
And above all specific for OS x64.

As a matter of fact, the Windows OSes of the past will gradually become safer.
 

Andy Ful

...
But how much more code than W.XP is there in an OS W.10?
So much so that there are certainly dangerous vulnerabilities just waiting to be discovered.(y)
...
As a matter of fact, the Windows OSes of the past will gradually become safer.
We have now the situation that there are some Windows XP kernel vulnerabilities that will be probably discovered and not patched, so they will be a bulletproof door to any XP machine. Furthermore, there are fewer and fewer applications on Windows XP, which do not have vulnerabilities, because the vendors simply do not support them anymore. Windows XP can be attacked by vulnerabilities discovered in Windows IoT (Windows Embedded). Most malware can still infect Windows XP.
On the other side, we have Windows 10 which introduces many more vulnerabilities, which are usually patched (but not always) before they are used in the wild.

No one can evaluate the chances of being infected on Windows XP (restricted as in your setup) as compared to default Windows 10 setup, because they depend mostly on cybercriminals.
So you have the security choice similar to choosing between a long journey in a good new car or the short trips in the very old car repaired by you. :) (y)
 

Sampei Nihira


Even today, Windows XP installations outnumber Linux installations.
And after the end of extended support, no XP-apocalypse occurred as predicted by many of you.

As I have always said, I also personally use an OS W.10 as well as an OS W.XP which, however, in my hands and with my knowledge and security configuration remains as safe as many of the configurations present in the specific subforum.

No difficulty finding updated software even today.
The same MBAE latest build can be installed with Windows XP.

Certainly we who use the OS Windows of the past must take more care than others to make a more restrictive setting in some components for example the browser.
 

Andy Ful

One remark about being attacked on Windows 10 and on Windows XP.
Suppose that I have a choice between Windows XP and vanilla Windows 10.
Let's assume that the chances of infection will be twice bigger on Windows 10 (????) due to the custom restrictions and anti-exploit software on Windows XP. Still, I will choose Windows 10, because I prefer to catch a cold twice than get one cancer.;)
 

Sampei Nihira

One remark about being attacked on Windows 10 and on Windows XP.
Suppose that I have a choice between Windows XP and vanilla Windows 10, and the chances of infection will be twice bigger on Windows 10 (????) due to the custom restrictions and anti-exploit software on Windows XP. Still, I will choose Windows 10, because I prefer to catch a cold twice than get one cancer.;)

With Covid 19 almost becoming a pandemic, having a cold today is risky for health.;)
 

Outpost

@Sampei Nihira

To be honest, you and your XP are a borderline case. (And this is meant to be a compliment.) I think @Andy Ful intends to say (if my interpretation is wrong, feel free to correct me) that nowadays (to stay on topic with the medical example) having an XP system is like being a subject who already has pathologies, and because of Covid, it could have serious consequences. Then there are the exceptions (as in your case): an elderly person (OS) who is kept up to date (nutrition), who keeps himself in shape, who has no particular pathologies, who performs weekly medical checks. All this, however, is an exception, because if you admit it, the average situation (the outside) is definitely worse than yours.
 

Sampei Nihira

@Sampei Nihira

To be honest, you and your XP are a borderline case. (And this is meant to be a compliment.) I think @Andy Ful intends to say (if my interpretation is wrong, feel free to correct me) that nowadays (to stay on topic with the medical example) having an XP system is like being a subject who already has pathologies, and because of Covid, it could have serious consequences. Then there are the exceptions (as in your case): an elderly person (OS) who is kept up to date (nutrition), who keeps himself in shape, who has no particular pathologies, who performs weekly medical checks. All this, however, is an exception, because if you admit it, the average situation (the outside) is definitely worse than yours.

You are definitely right.(y);):)
 