Hello, welcome to the Thursday, November 29th, 2018 edition of the Sansanet Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

One of the most common attack that I see against Max is fake Flash Player updates or Flash Player downloads. Some of them are actually pretty good

in the way they sort of emulate the operating system dialogues that usually see if you're

installing or updating Flash. Today, we do have one example by Xavier here, and he's sort of

continuing his theme from yesterday about obfuscating badge

script because that's used to here actually install the malware.

Now the virus total score that Xavier got when he submitted this particular sample to

virus total was actually quite low only one anivirus engine recognized it what i often found

with these dmg files that the dmg file itself isn't recognized but once you mount it and once the

antivirus engine then looks at the components inside the dmg file it often recognizes one of them as malicious.

So the effectiveness of antivirus may be a little bit better than virus total suggests

in these examples.

But in the end, the vulnerability that's being attacked here is the user.

There is no real weakness necessarily in the operating system being exploited

here other than tricking the user into installing the malicious file for the attacker.

And talking about users willingly installing bad software, it's sometimes not malware. That's the

problem. Latest case, Senheiser's head setup software.

This software is used to allow headsets by Senheiser to connect to various soft phones.

Now in order to accomplish this, Senheiser provides some software that sets up a secure web socket.

That secure web socket is secured with a certificate that's signed by a

Senheiser certificate authority.

...