FortiGuard Labs Threat Research
New Remcos RAT Variant is Spreading by Exploiting CVE-2017-11882
Several days ago, FortiGuard Labs captured a malware sample that was exploiting the Microsoft Office vulnerability CVE-2017-11882 patched by Microsoft last November. The sample is an RTF document with an Equation object. By analyzing its behavior in my test environment, I realized that it spreads a new variant of Remcos RAT, version “2.0.4 Pro,” that was released on April 7, 2018 from its official website. It is able to control the victim’s PC after infection.
FortiGuard Labs Threat Research
Analysis of New Agent Tesla Spyware Variant
Recently, FortiGuard Labs captured a new malware sample that was spread via Microsoft Word documents. After some quick research, I discovered that this was a new variant of the Agent Tesla spyware. I analyzed another sample of this spyware last June and published a blog about it. In this blog, I want to share what’s new in this new variant.
FortiGuard Labs Threat Research
FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Word
Over the last few months we discovered and reported multiple vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January (MS17-002) and March (MS17-014) security updates. These patches are rated as important, and as always, we suggest users update Microsoft Office as soon as possible.
FortiGuard Labs Threat Research
Information-stealing Malware Is Spread Via Word Document
Recently we received a SPAM with an attachment, which is a password-protected Word document. Its MD5 is 6619356e9e0c9d2445bf777a8bea5d6a, which is detected as “WM/Agent.60F9!tr” by the Fortinet AntiVirus service. When the document is opened, the attached malicious VB script code is executed and additional malware is created and executed. Based on our analysis, this is information-stealing malware. In this blog, we’ll show you how the malware works, what information is stolen from a victim’s system, and how the stolen data...
