Hello, welcome to the Monday, October 16th, 2017 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Singapore.

Of course, malware still frequently arrives as an email, which often requires that you extract it out of an Outlook message file. Well, Did he took a look today

at Outlook Message files to explain how they are exactly composed and how to extract these

malicious attachments directly out of the message file. And he shows how to use O Oli Dump in order to accomplish this task.

Well, if your users don't receive Malra via email, they probably will do so via a website.

And last week we had yet another case where abandoned domains and included content in a website did cause

problems. This time it was already battered Equifax but also a number of other sites

including the Equifax competitor TransUnion who were exposed to this particular flaw.

The root cause here was a tool called FireClick that was installed on the affected websites.

FireClick is one of these user analytics tools.

It has been discontinued by its parent company Digital River for a while now.

And when discontinuing the tool,

they actually didn't renew an associated domain name, which was now picked up by some

advertising firm that used it to push fake Flash Player Update ads.

One problem I often find with websites is that they include numerous tracking and user analytics

tools, often with redundant functionality, which kind of indicates that probably these tools

get always added and old tools never get removed

once they're actually no longer useful and this opens these websites up to these kind of compromises.

If you are running a website that does use these third-party tools, then please occasionally do go over all of these

tools, make sure they're still serving a purpose and they're still being supported.

And apparently a number of Windows 10 and 2016 server machines refuse to reboot after applying

...