Necurs botnet distributes 780,000 emails containing IQY files

Across 5 different campaigns earlier in 2018, the Necurs botnet distributed over 780,000 emails, all of which contained malicious IQY (Excel Internet Query) files, a popular way to distribute malware. That is a small number for a botnet that was responsible for 60% of spam traffic in the last 3 months of 2017.


What are IQY files?

IQY files are essentially text documents that contain the address of a site from which information is brought into the document. They are often used in corporate environments and are not a threat in themselves. However, there is no way to know in advance what kind of information a file will "pull" from the internet, or whether it is safe.

By default, Microsoft does not allow IQY files to run code automatically and always requests the user's permission. But making a document look like a real one can confuse the user.

Some of the files the Necurs botnet sent were presented as supposedly unpaid bills and contained a link. When the user clicked the link, a RAT (remote access tool) named FlawedAmmyy started to run, and the user was infected. FlawedAmmyy's source code was released in March of 2018.

Cybercriminals constantly change their tactics, using file types that people often trust and use. And with the security that today's platforms offer, such as Google's Gmail, this constant change in malware distribution is necessary in order not to be "blocked" by the spam filter of any email service.
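
For attachment triage at a mail gateway or during incident response, the address an IQY file would contact can be read out of the text before anyone opens it in Excel. The Python below is an added example, not part of the original article; it assumes the usual web query layout (`WEB`, a version line, then the URL), and the function names, allow-list and sample hosts are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def parse_iqy(text):
    """Return (query_type, version, url) from IQY text, or None if malformed.

    Assumed layout (not spelled out in the article): line 1 is the query
    type "WEB", line 2 a version number, line 3 the URL to fetch.
    """
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB":
        return None
    return lines[0].upper(), lines[1], lines[2]


def triage_iqy(text, allowed_hosts=()):
    """Return findings for one attachment; an empty list means nothing flagged."""
    parsed = parse_iqy(text)
    if parsed is None:
        return ["not a well-formed web query file"]
    try:
        url = urlsplit(parsed[2])
        host = (url.hostname or "").lower()
    except ValueError:
        return ["URL line does not parse"]
    findings = []
    if url.scheme != "https":
        findings.append(f"non-HTTPS scheme: {url.scheme or 'none'}")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass  # a DNS name, not an IP literal
    if host not in allowed_hosts:
        findings.append(f"host not on allow-list: {host}")
    return findings


# Constructed samples (documentation hosts only, not indicators from any campaign).
INTERNAL_REPORT = "WEB\n1\nhttps://reports.corp.example/q3.csv\n"
UNKNOWN_SOURCE = "\ufeffWEB\r\n1\r\nhttp://192.0.2.10/invoice.dat\r\n"

if __name__ == "__main__":
    allow = {"reports.corp.example"}
    for name, sample in [("internal", INTERNAL_REPORT), ("unknown", UNKNOWN_SOURCE)]:
        print(name, triage_iqy(sample, allow))
```

An attachment that returns any findings can be quarantined or routed for review instead of being delivered with a clickable `.iqy` extension.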


The author allows you to copy this text only if you cite the source (SecNews.gr) with a live URL to the article.