
Employers Beware Of Malware Trojan Stealing Contact Lists Using A Word Document

A new type of Ursnif Trojan malware steals users' email contacts in order to conduct a targeted spear-phishing campaign.

The Trojan malware sends out legitimate-looking emails to an infected organization's contacts. The malware is able to reply to real emails sent to compromised accounts. The reply includes a Word attachment that contains a malicious macro that downloads the malware onto the recipient's device if opened. Once the document is closed, the macro launches and executes the payload. It then uses the email recipient's computer to send out more phishing emails to his or her contacts.

Once a computer is infected, the Trojan can steal a wealth of personal data, including banking and credit card information. Hackers can also use Ursnif to launch man-in-the-middle browser attacks or use keylogging and screenshots to steal passwords and other sensitive data.

Ursnif is sophisticated and difficult to detect and analyze. Ursnif has been known to target the financial industry in the past, but this variant is targeting more industries.

Source: Jessica Davis, "Trojan malware steals contacts for targeted spear phishing attacks," www.healthcareitnews.com (Nov. 10, 2017).


Commentary

Because Ursnif is capable of tricking security software and hiding its presence, it is extremely dangerous once it has infected an organization’s computer system.

A Trojan is a type of malware that disguises itself as legitimate software or attachments—like the Greek-made horse that fooled the Trojans into thinking it was a gift and not an attack. In this case, the Trojan is a Word document. 

Once a user downloads the Trojan, the malware gives hackers total access to the device. Cybercriminals can then steal your organization’s sensitive data, spy on your activities, or delete your files.

Ursnif delivers the Trojan through a phishing email. Phishing email campaigns send users emails that look legitimate, and, in the case of Ursnif, even come as a reply from someone you know or even trust. By combining a Trojan and a phishing campaign, the Ursnif malware is able to both take over computers and propagate itself by sending out more emails to take over more computers.

The best way to prevent Ursnif and similar malware is to be extremely careful when opening email attachments. You cannot assume that an attachment is safe just because it came from someone you know. Because hackers can steal email contact lists, an email from a friend could still be phishing. Do not open any attachment that you are not expecting…even if it is from someone you know. If you receive an attachment from a coworker, friend, or family member that you are not expecting, call him or her and ask what it is before downloading it.
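
User caution can be backed by a mail-gateway check for the pattern described above: a reply to an existing thread that carries a Word attachment able to hold macros. The following is an added example, not code from the article or from any vendor; the function names are hypothetical, and pairing reply headers with a macro-container test is an assumed heuristic, not a documented Ursnif signature.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office container (.doc)

def has_macro_container(data: bytes) -> bool:
    """True if the bytes look like an Office file that holds, or can hold, VBA."""
    if data.startswith(OLE2_MAGIC):
        return True  # legacy binary format: treated as macro-capable, not parsed
    if data.startswith(b"PK"):  # OOXML (.docx/.docm) is a zip archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def flag_reply_with_macro_doc(raw: bytes) -> list[str]:
    """Return names of attachments to quarantine on messages that are replies."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not (msg["In-Reply-To"] or msg["References"]):
        return []  # not part of an existing thread
    return [part.get_filename() or "(unnamed)"
            for part in msg.iter_attachments()
            if has_macro_container(part.get_payload(decode=True) or b"")]

def _sample(reply: bool, with_macro: bool) -> bytes:
    """Constructed test message; the 'macro' part is an empty placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Re: invoice"
    if reply:
        m["In-Reply-To"] = "<1234@example.com>"
    m.set_content("See attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="invoice.docm")
    return m.as_bytes()
```

Legacy OLE2 files are flagged without inspecting their contents, so clean `.doc` replies will also be held for review.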
