Spoofed Canada Revenue Agency Important – Secure Bank Communication malspam delivers Trickbot banking Trojan — 2 Comments

  1. We received over 700 of these, which is strange, because lately we have only been receiving a handful with each malspam run. As per my previous comment, I am catching these because I am looking for Base64 encoding inside attachments, for the particular words which allow Microsoft Office documents to run a macro as soon as they are opened.
    I have no idea why anti-virus companies are not looking for ‘autoopen’, ‘AutoOpen’, ‘Document_Open’, ‘Workbook_Open’ and other permutations inside Office documents. Every time a new obfuscated-to-hell Office document comes out, the antivirus companies create a new signature for one file. What is the point?
    Or, why can’t Microsoft release a patch that stops these functions from being allowed to run?
    Is there seriously a need for them?
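
A sketch of the kind of check the comment above describes, added here as an example and not the commenter's own filter: it undoes the Base64 transfer encoding of each attachment and searches the bytes for the auto-run macro names the comment lists. The function names, the size cap and the sample message are assumptions constructed for illustration, and a match is a heuristic flag rather than a verdict.

```python
import io, re, zipfile
from email import message_from_string, policy
from email.message import EmailMessage

# Auto-run entry points named in the comment, matched case-insensitively.
AUTOEXEC = re.compile(rb"autoopen|document_open|workbook_open", re.I)
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap so a hostile ZIP cannot exhaust memory

def hits_in(blob):
    """Keyword hits in raw bytes; stripping NULs also catches UTF-16LE text."""
    found = set()
    for view in (blob, blob.replace(b"\x00", b"")):
        found |= {m.group().decode().lower() for m in AUTOEXEC.finditer(view)}
    return found

def scan_attachment(data):
    found = hits_in(data)
    # .docm/.xlsm are ZIP containers: members are deflated, so inflate before searching.
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size <= MAX_MEMBER:
                        found |= hits_in(zf.read(info))
        except (zipfile.BadZipFile, RuntimeError):
            pass  # corrupt or encrypted archive: keep whatever the raw scan found
    return found

def scan_message(raw):
    """Map attachment filename -> sorted keyword hits for one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""  # removes the Base64 layer
        hits = scan_attachment(payload)
        if hits:
            report[part.get_filename()] = sorted(hits)
    return report

def build_sample():
    """Constructed test message: one attachment with a macro name, one without."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(b"\xd0\xcf\x11\xe0 filler Sub Document_Open() filler",
                       maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"plain report text", maintype="application",
                       subtype="octet-stream", filename="notes.bin")
    return msg.as_string()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```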

