Office maldoc + .lnk, (Sat, Jul 15th)

Reader nik submitted a malicious document. It width:867px" />

It width:852px" />

And then we can use Woanware width:829px" />

Unfortunately, the .lnk file does not contain interesting metadata. But we can see that it uses PowerShell to download an executable from Dropbox.

Didier Stevens
Microsoft MVP Consumer Security

© SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Article Link: