silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,154
Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access Trojan) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format shortcut file that opens Microsoft’s Windows Settings panel. Malicious SettingContent-ms files were found embedded in a PDF document that drops the aforementioned RAT.
Full Report: Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs - TrendLabs Security Intelligence Blog
Full Report: Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs - TrendLabs Security Intelligence Blog