ursnif


LabTALK Episode 13: Kangaroos, Bicycles & Counting Down

Guest speaker Nicholas Griffin (Sr. Security Researcher) and Carl Leonard (Principal Security Analyst) discuss the malicious email campaign that drops Ursnif and the HTTPS Bicycle attack, and look forward to the announcement of our new company name and identity.

Range Technique Permits Ursnif To Jump Onto Your Machine

On January 5th, Raytheon|Websense® researchers noticed an interesting e-mail sample from a recent and ongoing e-mail campaign that contained a malicious document attachment and downloaded malware in a unique way. The Microsoft Office Word document downloaded the malicious payload from a JPG file but, where a normal browsing user would see an image of a kangaroo, the malicious document saw a different file: the Ursnif credential stealer.

Fig. 1. Actual image hosted on command-and-control server

 

Executive Summary