Hello, welcome to the Monday, July 13th, 2020 edition of the Sandton, Storm Center's Stormcast. My name is Johannes Ulrich,

and then I'm recording from Jacksonville, Florida. And while I'm recording from Jacksonville,

well, well, I'll actually be teaching virtually in Europe this week.

So recording of the podcast will be a little bit of off hours based on the European schedule,

but the podcast should still go live at the regular schedule time.

On Friday, Brad took a look at the latest example of the form book Malvair.

Now, form book has been around since 2016-ish, according to Braddy's quoting Fire Eye on this one.

But while it's still going around and the sample

that Brad is analyzing, actually, he just came across on Thursday. So still a current sample,

still using the old Excel macro trick to install itself. And if you want to walk through this particular sample and how it

did its job of downloading then formbook using the Excel macro, well, take a look at the packet

capture that Brad is linking to from his diary post.

As Brad says in his diary that this type of malware should really not be a problem anymore.

If you're running Windows 10 with default security settings, well, then this should not really be happening,

but apparently it's still worthwhile for the bad guys to send out

emails spreading form book. Typically, this sample arrives like as one of those fake invoice emails.

And talking about reasons to run up-to-date versions of Windows last week, we had a vulnerability

in Zoom.

I didn't really mention it because it only affects you if you are still running Windows

7.

There is an update available for this now, so if you do see an update for Zoom today,

that's the reason to patch this particular vulnerability.

...