26th June 2017 by Bill Brenner
Spora ransomware, first detected in January, is back with a new technique that attempts to confuse and bypass antivirus products and email filters, SophosLabs researchers have discovered.
Like previous campaigns, the contagion arrives in an email bearing a tainted HTA (HTML Application) file. But while the file clearly has an HTA file extension, its contents are crafted so that scanners that would ordinarily stop an HTA file mistake it for a harmless PDF and let it through.
The technique has only been seen in attacks that target a Russian-speaking population, but if it works well, chances are better than average that we’ll see the same trick being used to target users in other countries.
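A mail-filter check for the extension/content mismatch described above, as an added example that is not from the original article or from SophosLabs. It assumes the disguise is a PDF signature placed ahead of the HTA markup, which the article does not specify; the function names, extension list and sample bytes are constructed for illustration.

```python
import re

# Extensions that Windows hands to a script host rather than a viewer (illustrative list).
SCRIPT_EXTS = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Markup that makes content runnable as an HTML Application.
ACTIVE_MARKUP = re.compile(rb"<\s*(hta:application|script)\b", re.IGNORECASE)


def sniff_type(data: bytes) -> str:
    """Guess a type from content alone, as a content-based scanner would."""
    # PDF readers tolerate the header anywhere in the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    if ACTIVE_MARKUP.search(data[:4096]):
        return "html"
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> dict:
    """Decide on the extension and treat a disagreeing signature as a signal."""
    # Windows ignores trailing dots and spaces in file names.
    name = filename.lower().rstrip(". ")
    ext = name[name.rfind("."):] if "." in name else ""
    sniffed = sniff_type(data)
    has_script = bool(ACTIVE_MARKUP.search(data))
    runs_as_script = ext in SCRIPT_EXTS
    # The handler is chosen by extension, so a PDF signature does not make an .hta safe.
    if runs_as_script and sniffed == "pdf":
        verdict = "block: script extension with PDF signature"
    elif runs_as_script:
        verdict = "block: script extension"
    elif sniffed == "pdf" and has_script:
        verdict = "review: PDF signature with script markup"
    else:
        verdict = "allow"
    return {"ext": ext, "sniffed": sniffed, "has_script": has_script, "verdict": verdict}


# Constructed samples: inert bytes, no working payload.
SAMPLE_DISGUISED = b"%PDF-1.4\n%%EOF\n<html><hta:application id=x><script>/* inert */</script></html>"
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for fname, blob in [("invoice.hta", SAMPLE_DISGUISED), ("invoice.pdf", SAMPLE_PDF)]:
        print(fname, classify_attachment(fname, blob))
```

The point of the check is that the verdict follows the extension, because that is what selects the program that opens the attachment; the sniffed type is only used to raise the severity when it disagrees.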