Hello, welcome to the Monday, April 20th, 2020 edition of the Sandton Storm Center's Stormcast. My name is Johannes Ulrich. And yet again, I'm recording today from Jacksonville, Florida.

Xavier on Friday looked at yet another COVID-19 related piece of malware.

Now, the malware arrived with sort of a COVID-19-related email,

but what's kind of special about the malware is that the malware itself was fairly generic

and sort of used a template to create the email that would be used to spread it, but also a related malicious RTF document.

This RTF document exploited the equation editor vulnerability.

That's a little bit older vulnerability, but we still see this being abused quite a bit in these malicious emails, and the actual exploit in the

template did launch calc.exe, the Windows calculator, which is a standard sort of proof-of-concept

kind of exploit, and it would then just swap it out for whatever PowerShell script, this particular

version of the attack was going to run.

Also sort of interesting, the Malware would actually only really run if you're running Outlook,

and then it would email itself to all of your Outlook contact.

So an example of commodity Malware that we see just being spread out to millions of victims

in the hope that a couple of them will fall for it.

And on Friday, I reported how a signature update to Microsoft security apparently caused some

problems and crashes for users.

Looks like Microsoft did the expected thing and published a new signature update that should have fixed this.

Now, no action should really be necessary at this point unless you're still experiencing the crashes.

In which case, you need to trigger a manual update of the signatures,

and that should hopefully take care of your problems.

And talking about security software going bad,

Sophos had to remove a firmware update for its UTM devices.

...