Cisco Blogs
Share

Fareit Spam: Rocking Out to a New File Type

- November 22, 2016 - 0 Comments

This post authored by Nick Biasini

Talos is constantly monitoring the threat landscape including the email threat landscape. Lately this landscape has been dominated with Locky distribution. During a recent Locky vacation Talos noticed an interesting shift in file types being used to distribute another well known malware family, Fareit.

We’ve discussed Fareit before, it’s a trojan used to steal credentials and distribute multiple different types of malware. The focus of this post will not be on Fareit but on a new way attackers are working to distribute it via email. Locky has been a case study in how to leverage different file extensions in email to distribute malware. The use of various file types such as .js, .wsf, and .hta have been used quite successfully for Locky. We’ve already noted other threats making use of .js for distribution largely due to Locky’s success. Recently we observed another uncommon file type associated with email and decided to dig a little further on the infection chain.

Read More >>

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share