19 Mar Coronavirus Used in Spam, Malware, and Malicious Domains
Today I received news from Sophos, which I verified with Trend Micro, indicating a new spam and malware campaign exploiting the coronavirus, the same one that has already been reported as a global pandemic.
According to the blog, domains containing the word "Corona" have already been registered, and these domains have already been identified.
The victim was sent an email with the subject "Latest updates of the Corona Virus" that claimed to come from the Ministry of Health.
It contains recommendations on how to prevent infection and comes with an attachment that supposedly contains the latest COVID-19 updates but actually carries malware.
When the file is opened, if macros are disabled, the Word or Excel document displays a message asking the recipient to enable editing and content because "This document was created in an earlier version of Microsoft Office Word."
If macros are already enabled, or if the targeted user complies with the instructions, the VBA script does a number of things:
2. It connects back to a PHP script on a remote server (hxxps://185[.]234.73.125/wMB03o/Wx9u79.php in some samples), passing the IP address and some basic details about the target as variables within an HTTP GET request.
1. We blocked the command and control IP addresses identified by Sophos in the firewall.
2. The domains indicated by Trend Micro that contain the word "Corona" were also blocked.
3. Lastly, malicious mail containing the keyword "Corona" will be monitored in the mail protection service.