Powerful new malware is spreading through phishing campaigns using a Microsoft Word attachment. If the attachment is opened, it enables macros, which allow the malware to be installed.
Called Smoke Loader, the malware has several components to it:
- It can download browser plug-ins for the Firefox, Internet Explorer, Chrome, Opera and QQ Browser browsers, and for the Thunderbird and Outlook email clients.
- These plug-ins are designed to steal stored credentials, such as passwords, and also sensitive information transferred over a browser.
- The malware can also be injected into applications like TeamViewer, an application that allows users to remotely view others' desktops.
While Smoke Loader has been around for a number of years, it has become increasingly sophisticated.
- Its creators have recently added anti-analysis techniques to make forensics difficult. Successful forensics can trace the source of the servers that distribute Smoke Loader, allowing them to be taken down.
- Runtime AV scanners, tracing, and debugging features have also been added to confound researchers who try to find out more about it.
Cast a wary eye
The best way to guard against phishing campaigns, alongside using good security software, is to be on your guard.
Phishing mails will have some form of bait message, such as an invoice, a parcel waiting to be collected or a PDF that needs downloading.
Cyber crooks are endlessly inventive in developing these ‘baits’. The golden rule to protect yourself is:
- Cast a healthily suspicious eye on an email that promises something yet is unexpected.
- Question emails from apparently legitimate organisations with which you have had no dealings. Cyber crooks are good at mocking up emails that appear to be legitimate.
- Look out for spelling or syntax errors; these are often clues that the email is not what it claims to be.
- Never reveal your personal information such as passwords, bank account numbers and card information even if the mail appears to be from your bank. If in doubt call your bank and speak to someone in the fraud department.
If you’re using BullGuard protection, malicious mails and dodgy website links will be flagged up as a warning. But it’s still good to know what these pernicious phishing mails contain and the tricks they use.
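The delivery method described at the top of this article, a Word attachment carrying macros, can also be checked for automatically when triaging a suspicious message. The following Python code is an added example, not part of the original article or of any vendor's product: it parses a raw email and reports attachments that contain a VBA project. The function names and the sample message are constructed for illustration, and the legacy `.doc` check is a byte-pattern heuristic rather than a full parser.

```python
from __future__ import annotations
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # header of legacy .doc/.dot containers
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name as stored in OLE directories

def has_macros(data: bytes) -> str | None:
    """Return a reason string if the document bytes carry VBA macros, else None."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: OLE directory entry names are UTF-16LE, so search for the stream name.
        return "legacy OLE2 document with VBA stream" if VBA_STREAM in data else None
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "OOXML document with vbaProject.bin"
    return None

def macro_attachments(raw_eml: bytes) -> list[tuple[str, str]]:
    """List (filename, reason) for every attachment that carries macros."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        reason = has_macros(part.get_payload(decode=True) or b"")
        if reason:
            hits.append((part.get_filename() or "(unnamed)", reason))
    return hits

def _zip(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

def sample_email() -> bytes:
    """Constructed test message: two macro-bearing attachments and one clean one."""
    doc = {"word/document.xml": b"<w:document/>"}
    files = {"invoice.docm": _zip({**doc, "word/vbaProject.bin": b"\x00"}),
             "notes.docx": _zip(doc),
             "old.doc": OLE_MAGIC + b"\x00" * 504 + VBA_STREAM}
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Invoice", "a@example.com", "b@example.com"
    msg.set_content("Please see the attached invoice.")
    for name, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `macro_attachments(sample_email())` reports `invoice.docm` and `old.doc` and leaves `notes.docx` alone. A hit only means the file contains macros, not that it is malicious, so it is a reason to inspect the attachment before anyone opens it.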