Of Mayans And Malicious Macros

  /     /     /  
Publicated : 22/11/2024   Category : security


Of Mayans And Malicious Macros


New attack poses as PowerPoint presentation on the end of the world



Blame it on the Mayans again. A new threat preying on an interpretation of the Mayan calendar that predicts the end of the world tomorrow, Dec. 21, is spreading.
Researchers at SophosLabs stumbled across a PowerPoint presentation called Will the world end in 2012? that contains malware. Whats interesting about the attack is that it uses macros (remember those?) to do its bidding. This Mayan-themed attack comes on the heels of one SophosLabs revealed yesterday that uses a rigged Microsoft Excel spreadsheet disguised as a tool to generate Sudoku puzzles.
The two attacks appear related, according to SophosLabs. Like the Excel spreadsheet, this file contained Visual Basic macro code that drops an executable file called VBA[X].exe, where [X] is a random capital letter. In fact, the macro was functionally identical to that found in the Sudoku puzzle, says Chester Wisniewkski, senior security adviser at Sophos. Also like the Sudoku generator, this sample required the user to enable macros, but didnt include the helpful tip on how to do it or really any good reason you might need a macro to learn about the end times.
Wisniewkski says the macros create a Windows Portable Executable file; a dropper downloads a picture of an owl and then connects to a command-and-control server. From there, its set to download another piece of malware, but SophosLabs says it didnt do so when it tested the malware.
The researchers say its likely an automatically generated attack.
I took a look around and discovered the original, uninfected files that these dangerous macros had been added to. The presentation about the world ending was created by a preacher in the United States who appears to have nothing to do with this booby-trapped version, Wisniewkski says. But dont search for the preso, he says.
The preachers WordPress blog has been compromised and is currently performing search engine manipulation duties for Viagra pushers, off-shore casinos, forex fraud, and payday loans, he says.
SophosLabs full post on the attack is
here
.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Of Mayans And Malicious Macros