Crooks Hijack “Black Lives Matter” To Spread Zombie Malware
I have nothing to do with this storyand all rights are the property ofNaked Security forSophos byPaul Ducklin 
These crooks aren’t piling on any pressure; they aren’t playing on emotions such as guilt or fear; and they aren’t even requiring you to get involved under your own name. If you get one of these, don’t open the attachment – it’s a trap! We opened it so you don’t have to, and we must grudgingly admit that the trick the crooks have used here is easy to fall for. Remember that Word documents can contain what are commonly known as macros – embedded program code written in the Visual Basic for Applications programming language, or VBA for short. The problem with macros is that the term sounds safe and innocent – the word harks back to the days of really simple keystroke recorders that you could use to automate simple tasks in word processors or spreadsheets. But VBA today is as powerful and as dangerous as C, C++, Delphi, Perl, Python or any other programming language that’s associated with full-blown, standalone applications that you install and run locally. VBA needs an Office application running (usually Word, Excel or PowerPoint) to make it work, but once you agree to let VBA code run from inside an Office file, it has full access to your computer just as if the VBA program were running outside Office. In other words, VBA inside a Word file isn’t like JavaScript in your browser – there’s no sandbox or walled garden to restrict the damage it can do.
Example subject lines:
Give YOUR Feedback anonymous about "Black Lives Matter"
Leave a review nameless about "Black Lives Matter"
Speak out confidentially about "Whose Lives Matter"
Tell your government your opinion nameless about "Whose Lives Matter"
Vote anonymous about "Black Lives Matter"
Example email first lines:
Give your opinion anon about "Whose Lives Matter"
Let us know your opinion nameless about "Whose Lives Matter"
Speak out confidentially about "Whose Lives Matter"
Tell your government your opinion anonymous about "Black Lives Matter"
Vote anonymous about "Black Lives Matter"
Example attachment descriptions:
Assertion included
Claim in attached file
Contention included
Form in attached file
Statement included
Example attachment filenames:
e-vote_form_1324.doc
e-vote_form_32411.doc
e-vote_form_41429.doc
e-vote_form_83110.doc
e-vote_form_9017.doc
This is,Letting You Know So You Can Stay SafeJim Hauenstein
And,
“Every conceivable layer of the election process is completely riddled with vulnerabilities, so yes, hacking elections is easy!”
- James Scott -
That is my story and I am sticking to it!
Like what you are reading?
Sign up as a Follower,or leave a Comment.If it's worthy enough,I'll answer you in a Post.
Thanks for reading.
Be Kind To Everyone.
I'll Be Seeing You.
These crooks aren’t piling on any pressure; they aren’t playing on emotions such as guilt or fear; and they aren’t even requiring you to get involved under your own name. If you get one of these, don’t open the attachment – it’s a trap! We opened it so you don’t have to, and we must grudgingly admit that the trick the crooks have used here is easy to fall for. Remember that Word documents can contain what are commonly known as macros – embedded program code written in the Visual Basic for Applications programming language, or VBA for short. The problem with macros is that the term sounds safe and innocent – the word harks back to the days of really simple keystroke recorders that you could use to automate simple tasks in word processors or spreadsheets. But VBA today is as powerful and as dangerous as C, C++, Delphi, Perl, Python or any other programming language that’s associated with full-blown, standalone applications that you install and run locally. VBA needs an Office application running (usually Word, Excel or PowerPoint) to make it work, but once you agree to let VBA code run from inside an Office file, it has full access to your computer just as if the VBA program were running outside Office. In other words, VBA inside a Word file isn’t like JavaScript in your browser – there’s no sandbox or walled garden to restrict the damage it can do.Example subject lines:
Give YOUR Feedback anonymous about "Black Lives Matter"
Leave a review nameless about "Black Lives Matter"
Speak out confidentially about "Whose Lives Matter"
Tell your government your opinion nameless about "Whose Lives Matter"
Vote anonymous about "Black Lives Matter"
Example email first lines:
Give your opinion anon about "Whose Lives Matter"
Let us know your opinion nameless about "Whose Lives Matter"
Speak out confidentially about "Whose Lives Matter"
Tell your government your opinion anonymous about "Black Lives Matter"
Vote anonymous about "Black Lives Matter"
Example attachment descriptions:
Assertion included
Claim in attached file
Contention included
Form in attached file
Statement included
Example attachment filenames:
e-vote_form_1324.doc
e-vote_form_32411.doc
e-vote_form_41429.doc
e-vote_form_83110.doc
e-vote_form_9017.doc
This is,Letting You Know So You Can Stay SafeJim Hauenstein
And,
“Every conceivable layer of the election process is completely riddled with vulnerabilities, so yes, hacking elections is easy!”
- James Scott -
That is my story and I am sticking to it!
Like what you are reading?
Sign up as a Follower,or leave a Comment.If it's worthy enough,I'll answer you in a Post.
Thanks for reading.
Be Kind To Everyone.
I'll Be Seeing You.
No comments have been added yet.
