Hello, welcome to the Wednesday, March 22nd, 2017 edition of the Sands and its Storm Center's

Stormcast. My name is Johannes Ulrich and I am recording from Jacksonville, Florida.

Password encrypted Mavre is apparently back again. Now, in this case, it's a VIRT document. It is

encrypted using VIRT's own build-in encryption scheme.

The password that is required to decrypt the document is included in the email.

Now this is nothing new and there have been some anti-malvert tools that scanned the text of emails for passwords

in order to decrypt these emails.

Now, not sure how effective this is in this particular case.

Of course, if you just have the attachment, then you will have a hard time analyzing it.

And if you just upload the attachment itself,

a two-by-ris total, for example, you won't get any hits because each email is encrypted using

an individual password. Now, once you decrypt this particular word document, then you'll end up with the typical

JavaScript downloaders that will attempt to download various additional matter.

Of course, to a user who isn't familiar with this particular technique, a password encrypted

file may actually appear more trustworthy because apparently it is secure

by being encrypted with a password. And password wallet last pass fixed a rather serious vulnerability

in its Chrome extension. Due to a bug in the JavaScript that was delivered with this Chrome extension, it was possible

for an attacker to not only have direct access to the internal API for LastPass, which

essentially provides access to usernames and passwords, but also to execute arbitrary commands on the host system.

As an example, Project Zero has released a little proof of concept that will start the calculator

on your Windows system. This, however, will potentially also affect other operating systems,

not just Windows.

...