Hello, welcome to the Friday, November 30th, 2018 edition of the Sandsenet Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Not all malicious spam comes in English. Brad is looking at the recent example of mal-spam in Russian. Now the technique used here

is something that you're probably familiar with. It included an attached zip file and that

zip file if decompressed then reveals JavaScript which will then launched, download malware and in this case,

ransomware. The ransomware is actually quite old. Brad noted that the first time he covered

this particular ransomware was in 2014, so it's almost eight-year-old ransomware. But remember,

it's not the same ransomware as eight years

ago.

This ransomware kept evolving and as a result probably is still able to bypass some current

controls.

And of course for the attacker, it's pretty cheap and easy to just reuse old software like

this even if the success rate is probably not all that

large. Now if an attacker can get you to click on an email link and other popular way to reach

victims is malvertising. Malvertising refers to bad actors buying advertisements on otherwise benign websites and then redirecting users that visit a website to their content.

About two weeks ago, security company Confiant did detect a large malvertising campaign that did exceed prior campaigns by orders of Magnet.

A group that Confiant refers to as Spam Club managed to redirect 300 million browser sessions,

at least that's their estimate over the space of 48 hours.

The reason they were so effective was that they actually managed to get access to one of the

top five ad networks. Usually these melvertising campaigns use smaller ad networks. They of course

are a little bit easier to convince to then include these malicious advertisements. But on the other hand, these small ad networks

are usually used by smaller, less reputable sites.

...