Hello, welcome to the Monday, December 4th, 2017 edition of the Santernut Stormsetters Stormcast.

My name is Johannes Ulrich and the day I'm recording from Jacksonville, Florida.

Every so often the bad guys just get lucky because we stop looking for some of these old attacks.

Renato has a recent example where Malver

actually used the good old Batfile in order to launch a script on Windows and then install

banking Malver. This particular Batfile has a virus total rating of 0 out of 58 and well it does install banking malware on

the user's system. Renato did observe this particular piece of malware intercepting traffic

to a number of different Brazilian banks. Now, they do play another trick that may contribute to

the low recognition, and that's that they actually claim that the file is UTF-16 encoded.

With that, if you look at the file using a standard editor, all you see is what looks sort of like Chinese

characters. I don't know if this fools any of the Anavirus tools, but it potentially did

contribute to the low virus total score. And then we got a second interesting diary. This one

by Xavier, he wrote about how jawodform is being abused by fishing kits. Jod forms is a cloud service that allows you to set up simple forms and collect data your users, enter. Well, in this case, the data is provided by a fishing site.

Tricks like this make it quite difficult to spot these fishing attacks. One of my tricks

to look for malicious activity is always to look for odd domain name lookups and I always recommend looking for that certainly

quite valuable but in this particular case all you would have seen is a DNS lookup for

Jodform which is a legitimate and somewhat popular site so it's probably something that you

may even whitelist.

And of all days on Saturday, Apple released a somewhat rushed update for iOS.

This is iOS 11.2.

It's a feature release of iOS. Now, the main reason this was released on Saturday was that it also addresses a bug in iOS

that became evident on December 2nd.

...