
Range Technique Permits Ursnif To Jump Onto Your Machine

On January 5th, Raytheon|Websense® researchers noticed an interesting sample from a recent and ongoing e-mail campaign: it contained a malicious document attachment that downloaded malware in a unique way. The Microsoft Office Word document downloaded the malicious payload from a JPG file but, where a normal browsing user would see an image of a kangaroo, the malicious document saw a different file: the Ursnif credential stealer.

Fig. 1. Actual image hosted on the command-and-control server

Executive Summary