Malware News Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs

[silversurfer]

Content source

https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abusing-settingcontent-ms-found-dropping-same-flawedammy-rat-distributed-by-necurs/

Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access Trojan) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format shortcut file that opens Microsoft’s Windows Settings panel. Malicious SettingContent-ms files were found embedded in a PDF document that drops the aforementioned RAT.

Full Report: Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs - TrendLabs Security Intelligence Blog