Hello, welcome to the Thursday, May 10th, 2018 edition of the Santernet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Indianapolis, Indiana.

Xavier today came across a little bit of better-than-usual email that is spreading trick-bot right now. The email claimed to come from Lloyd's Bank.

Now, what made it even more believable is that it actually linked to a domain called

Lloyd'sbank docks.com. The email claimed to link to a document. The user had to review.

The website popping up when you clicked on the link

made it actually look like it is a PDF document.

Interestingly, the links actually in this document didn't do anything,

but what triggered further action was scrolling down in the document.

That triggered a pop-up that would then advise the user

to install a plugin, which then led to Trickpot.

What makes it probably more likely for users to fall

for this kind of fishing attempt is that many legitimate companies

are not just using one domain name, but often have multiple

domain names that they're using in email links that are derived from their main domain.

So something like Lloyd's Bank docks may very well look plausible and a likely link to show

up in email.

One problem with third-party browsers like Firefox in Windows has been

that it has been difficult to remotely manage these browsers across an enterprise.

Well, Firefox is going to fix this in Firefox 60.

Firefox 60 is going to include a group policy engine that allows you to

manage several security relevant settings in Firefox via group policies. Of course, Firefox has been

struggling somewhat for market share in recent years. that's probably one reason why they're implementing

...