Recipients in a number of malspam campaigns could fall victim should they click on a link. That will trigger a download and launch malware executables delivering a number of Dropper and Backdoor Trojan families. The Internet Explorer web browser shows a warning requesting permission to allow execution of the ActiveX component, but once that’s allowed, the malicious payload is downloaded and executed.
Their advice: Be cautious when clicking on links or attachments from unknown senders. Miscreants behind such campaigns are continually altering their obfuscation strategies to stay a step ahead of detection by security engines.
“It is increasingly important to have multiple security layers to block these kinds of attacks,” the Zscaler ThreatLabZ team concluded.
This article originally appeared at scmagazineuk.com