CVE-2019-0539 Root Cause Analysis
Most attacks tend to be “plain vanilla”: a phishing link, a fake website, a malicious executable and so on. But sometimes attackers are particularly creative in the design of their technique. Recently our platform exposed such an approach. We detected a malicious .xls file that at first glance looks quite innocent. The Excel file contains completely random characters spread across the worksheet. When the user tries to close the file, they encounter an error that causes the application to crash repeatedly. A deeper investigation shows that the Excel file contains malicious macro code which, when the file is closed, takes all of the random letters and assembles them into malicious executable code that infects the host.
Basically, if a user opens this file, they could easily believe it to be junk and immediately close it, and voilà, the attacker is in. Thanks to our Recursive Unpacker’s deep scanning capability combined with our Dropper engine, which handles macros and scripts, our Advanced Email Protection caught this attack before it hit the user’s inbox.
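A triage heuristic for the pattern described above, as an added example that is not the vendor's engine or code from the original post: it flags VBA close handlers (`Workbook_BeforeClose`, `Auto_Close`) whose reachable code reads worksheet cells, writes a file and launches something. The regex patterns and the sample macro fragment are constructed assumptions, and the macro source is assumed to have been extracted to text already.

```python
import re

# Procedures Excel runs automatically when a workbook is closed.
CLOSE_TRIGGERS = {"workbook_beforeclose", "auto_close"}
# Heuristic patterns (assumptions) for the three behaviours described above.
TRAITS = {
    "reads_cells": re.compile(r"\b(cells|range)\s*\(|\.usedrange\b", re.I),
    "writes_file": re.compile(r"\bopen\b.+\bfor\s+(binary|output)\b|savetofile|createtextfile", re.I),
    "executes": re.compile(r"\bshell\b|shellexecute|wscript\.shell", re.I),
}
PROC = re.compile(r"^\s*(?:(?:public|private)\s+)?(?:sub|function)\s+(\w+)"
                  r".*?^\s*end\s+(?:sub|function)", re.I | re.M | re.S)

def split_procedures(vba):
    """Map lower-cased procedure name -> body with VBA comments stripped."""
    return {m.group(1).lower(): re.sub(r"'.*", "", m.group(0)) for m in PROC.finditer(vba)}

def reachable_code(procs, start):
    """Join the body of `start` with every procedure it calls, transitively."""
    seen, todo = set(), [start]
    while todo:
        name = todo.pop()
        if name in seen or name not in procs:
            continue
        seen.add(name)
        todo.extend(set(re.findall(r"\w+", procs[name].lower())) & set(procs))
    return "\n".join(procs[n] for n in sorted(seen))

def scan_macro(vba):
    """Return {close_handler: traits} for handlers that show all three traits."""
    procs = split_procedures(vba)
    findings = {}
    for trig in CLOSE_TRIGGERS & set(procs):
        code = reachable_code(procs, trig)
        hits = sorted(t for t, rx in TRAITS.items() if rx.search(code))
        if len(hits) == len(TRAITS):
            findings[trig] = hits
    return findings

# Constructed, non-functional macro fragment used as sample input.
SUSPICIOUS = """Private Sub Workbook_BeforeClose(Cancel As Boolean)
    BuildAndRun
End Sub
Sub BuildAndRun()
    buf = buf & ActiveSheet.Cells(r, c).Value
    Open outPath For Binary As #1
    Shell outPath
End Sub"""

if __name__ == "__main__": print(scan_macro(SUSPICIOUS))
```

Because the handler's calls are followed transitively, moving the file-building logic into a helper procedure does not hide it from the check; a close handler that only saves the workbook produces no finding.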