Hello, welcome to the Wednesday, October 4th, 2017 edition of the Sands and at Storm Center's

Stormcast. My name is Johannes Ulrich and I am recording from Jacksonville, Florida.

Depending on how well your spam filter works, you may have noticed a recent increase in FedEx

shipping notification scam emails.

Now the attachment here is actually not crypto ransomare for a change in Stead and

Brad wrote this up today. We do have form book being downloaded.

Formbook is a newer information stealer malware and what's kind of unique about it is that it was written without the use of any standard Windows API.

A lot of anti-malver triggers whenever a piece of software tries to, for example, take a screenshot or intercept keystrokes using

standard Windows APIs. Well, in this case, actually, it all does it sort of from scratch,

so it never calls these Windows APIs, making it a little bit more difficult to identify for

anti-malvert. Not having sure why people are still falling for these FedEx shipping notices, but then again,

this may be targeting retailers and such for point of sales compromises who do receive

quite a bit of shipments and such via UPS and FedEx and maybe expecting something

so they may not be that aware that this isn't actually a valid shipping notice.

And while we're sort of at the public service announcement stage here, WordPress.

Yes, you probably know you probably shouldn't run it.

If you do have to run it, then definitely keep it up to date and don't forget the plugins.

The latest reminder comes from WordFense, of course a company that does provide security

tools for WordPress and they're just

documenting how in particular vulnerable plugins are being exploited to take over sites.

What you can expect happening then is actually often not an outright defacement of the site, but information about your users

may get stolen and also new pages may get at it that are then used, for example, to distribute

...