Hello, welcome to the Tuesday, December 4th, 2018 edition of the San Bernard Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Now, we always appreciate if readers sent us malicious documents.

The latest that DDA today looked at was sent in by our reader Mike and it actually

included a pretty neat sort of technique how the malicious code was hidden in this document.

Now regardless of this, it was kind of obvious that the document was malicious, it had macros in

it, it used the auto-open method, so code

would start as you open the document, but the actual malicious code was not obvious and wasn't part

of the visual basic script that was included in this document. Instead, the script actually looked at the text part of the document

and that's where the malicious code was hiding. It then extracted the code out of the document

and executed it. Now, D.D.E explains as part of his diary how to use his favorite tool,

Olli Dump, in order to analyze documents

like this, and then again extract the malicious code for analysis.

The USR today released some extensive details regarding the Samsung ransomware.

Now, Samsung isn't new, but given this

high publicity release, it's probably something that you may see coming up this week in your office.

So I want to talk a little bit about Sam Sam. Sam came out, I think about a year or so ago,

is when I sort of first noticed it,

and it's ransomware, but it's different from most ransomware.

Normal ransomware arrives typically with a client-side exploit, so that's your typical malicious

document and such like the one that I talked about in the beginning of this podcast,

while Samsung is really more targeted. It targets specific organizations. It usually takes

...