Caution – Emails with the Title ‘Request for Purchase Order’ being Distributed to Companies
Posted By jcleebobgatenet, January 28, 2021
Multiple malicious emails with the title ‘Request for Purchase Order’ are being distributed to multiple companies. These spam mail attacks, which were first distributed in the second half of last year to random companies with the purpose of stealing user accounts, are still being distributed. To steal a user’s company email account, the attacker either prompted the user to access a phishing web page or distributed an executable of Lokibot, the info-stealer malware. So far, two titles are found in the…
[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant
Posted By AhnLab_en, January 5, 2021
In November last year, there was a case that shocked not only the security industry but also all of Korean industry. The systems of E-Land Group, the distribution giant, were infected by the ‘CLOP Ransomware.’ According to a press report that quoted an associate of the company, over half of its brick-and-mortar stores were affected by the ransomware, leading to disruption of business. This incident showed that ransomware attacks can occur regardless of company size, and Korean industries…
Malware Distributed via Discord along with Illegal Pornography
Posted By Sanseo, December 28, 2020
The ASEC analysis team recently discovered batches of RAT (Remote Administration Tool) malware that are being distributed via the Discord messenger. Currently, a downloader malware that downloads these batches of malware is being distributed under the name ‘porn URL.exe’; when this malware is run, it downloads various RAT malware from external sources and installs them. Discord is an instant messenger program that supports text chat, voice chat, and video chat. This program is one of the most popular instant messengers that is…
Magniber Ransomware Changed Vulnerability (CVE-2019-1367 -> CVE-2020-0968) and Attempted to Bypass Behavior Detection
Posted By jcleebobgatenet, December 22, 2020
At the beginning of this year, the ASEC analysis team reported the change in the vulnerability used by the developer of Magniber to distribute the ransomware. Since September 23, 2019, the CVE-2019-1367 vulnerability, which the developer of Magniber had used for distribution, stopped working on systems with the emergency security patch (Version 1903) applied. In response, the developer switched to the newer vulnerability, CVE-2020-0968, expanding the range of infection targets. On top of this, the CVE-2020-0968 security patch (distributed on April 15, 2020)…
PHP WebShell Malware using Image Files
Posted By jcleebobgatenet, December 9, 2020
A WebShell is a file uploaded to a web server that runs file navigation or system shell commands. The attacker can use a web browser to navigate through the files of the server system and issue shell commands. Certain file extensions for uploaded files can be restricted to prevent malicious WebShell files from being uploaded to the server; however, the attacker can bypass such restrictions with the following method: Upload a file that bypasses the Server-Side Script’s file extension…