02 Mar
How it really happened: NINJIO Season 1, Part 2, Episode 2 – Script Based Document Attack
As we saw in Season 1, Episode 2, Pat was haphazardly accepting friend requests from people he didn’t necessarily know, simply because he had friends in common with the person (the hacker) sending him the request. One of these new “friends,” the hacker, contacted Pat and said that his nephew was looking for an internship. Pat agreed to give the hacker his work email address. The hacker then sent the resume to Pat’s work email address, and the resume contained a “Script-Based Virus.” Not only that, this virus had what is known as a “zero day exploit” inside of it, which means that Pat’s Anti-Virus software couldn’t pick it up. Once Pat opened the document, responded to a prompt to “trust the source,” and ignored the Security Warning, it was over. Pat’s computer was then “owned” by the hacker.

Most documents sent, if they have any malicious software in them, will prompt you asking if you trust the source, and usually there will be a message about this being a Security Warning. Unless you know exactly where the document came from, trusting the source and enabling the content is not a good idea.
HOW IT REALLY HAPPENED:
Script-based viruses can carry out numerous malicious activities on your computer. With the Ashley Madison hack, a hacker could gain access to an email account and use it to set up profiles that are then used to blackmail the victim. This article describes the type of blackmail used in the Ashley Madison hack.
Script-based viruses aren’t a new concept, but they have recently been the source of major malware attacks. This article explains script-based viruses and how a hacker uses them to gain access to important information such as email credentials.
Most hackers send script-based viruses in Microsoft Word documents, since Word is such a popular word processor. Macro viruses have recently been making a comeback as a popular way for hackers to add malware to a victim’s machine.
Locky is the name given to a recent script-based virus that was able to blackmail Hollywood Presbyterian Medical Center into paying a $17,000 ransom. The attack was delivered by email in a Microsoft Word document.
Macro or script-based viruses have become a huge threat for organizations. Some antivirus software blocks them, but antivirus software has a hard time recognizing zero-day exploits. This article explains the threats to corporations from this type of malware.
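Because signature-based antivirus can miss new macro malware, a mail filter or help desk can flag any attachment that carries macros at all, regardless of what the macros do. The sketch below is an added example, not code from the original article: the function names and file names are hypothetical, the sample documents are constructed in memory, and the legacy `.doc` check is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
# OLE directory entry names are stored as UTF-16LE; VBA projects include this stream.
VBA_STREAM_UTF16 = "_VBA_PROJECT".encode("utf-16-le")


def classify_attachment(data: bytes) -> str:
    """Return 'macros', 'no-macros' or 'not-office' for an attachment's raw bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic only: a thorough check would parse the compound-file directory.
        return "macros" if VBA_STREAM_UTF16 in data else "no-macros"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a zip, but not an Office Open XML package
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        # Look inside the file: the extension can be renamed, the parts cannot.
        has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
        declares_macros = ("macroEnabled" in content_types
                           or "vnd.ms-office.vbaProject" in content_types)
        return "macros" if has_vba_part or declares_macros else "no-macros"


def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped zip (not a real Word file)."""
    kind = ("ms-word.document.macroEnabled" if with_macro
            else "openxmlformats-officedocument.wordprocessingml.document")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types><Override PartName="/word/document.xml" '
                    f'ContentType="application/vnd.{kind}.main+xml"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {"resume.docx": make_ooxml(False),   # constructed samples
               "resume.docm": make_ooxml(True),
               "notes.txt": b"plain text"}
    for name, blob in samples.items():
        print(f"{name}: {classify_attachment(blob)}")
```

A "macros" verdict says nothing about intent; it only marks the attachment for quarantine or closer inspection before a user is ever shown the Security Warning.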