Results for visual basic

Threat Research

In-Depth Analysis of A New Variant of .NET Malware AgentTesla

FortiGuard Labs recently captured some malware which was developed with the Microsoft .Net framework. I analyzed one of them, and in this blog, I’m going to show you how it is able to steal information from a victim’s machine. The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro. Figure 1 below shows how it looks when it’s opened. Figure 1. When the malicious Word document is opened What the VBA code does Once you click the “Enable Content”...

By Xiaopeng ZhangJune 28, 2017

Threat Research

IRS Notification? No, It is a Scam

In every country and region in the world, tax season is also a time when we see a spike in scams, phishing, and targeted malware. The tax return season in the US is coming to the end. Have you filed your tax return yet? Did you receive any notifications from the IRS (the Internal Revenue Service) in your email?  We did, but not from the real IRS. (Remember, the IRS never communicates important information with taxpayers by email.) FortiGuard Labs recently collected a number of malware samples related to the current tax season in the US....

By Xiaopeng ZhangApril 13, 2017

Threat Research

Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware

To survive, Macro downloaders have to constantly develop new techniques for evading sandbox environments and anti-virus applications. Recently, Fortinet spotted a malicious document macro designed to bypass Microsoft Windows’ UAC security and execute Fareit, an information stealing malware, with high system privilege. SPAM This malicious document is distributed by a SPAM email.  As part of its social engineering strategy, it is presented in the context of someone being interested in a product. Fig.1 SPAM with the malicious...

By Joie Salvio and Rommel JovenDecember 16, 2016

Threat Research

Information-stealing Malware Is Spread Via Word Document

Recently we received a SPAM with an attachment, which is a password-protected Word document. Its MD5 is 6619356e9e0c9d2445bf777a8bea5d6a, which is detected as “WM/Agent.60F9!tr” by the Fortinet AntiVirus service. When the document is opened, the attached malicious VB script code is executed and additional malware is created and executed. Based on our analysis, this is information-stealing malware. In this blog, we’ll show you how the malware works, what information is stolen from a victim’s system, and how the stolen data...

By Xiaopeng ZhangOctober 24, 2016