

DriveImage XML creates images using Microsoft's Volume Shadow Copy Service (VSS), allowing you to create safe "hot images" even from drives currently in use. Images are stored in XML files, allowing you to process them with third-party tools. Restore images to drives without having to reboot. Never again be stuck with a useless backup! DriveImage XML is now faster than ever, offering two different compression levels.

DriveImage XML runs under Windows XP and up. The program will back up, image and restore drives formatted with FAT and NTFS.

Disk image tools install#
We offer two versions of DriveImage XML, a free one for home users and a paid one for commercial users.

Private Edition: Private home users are allowed to use the Private Edition of DriveImage XML without charge. You are allowed to install DriveImage XML on your home PC. You must not use DriveImage XML commercially. No support is provided for the Private Edition.

Commercial Edition: If you are a business or organization, or use DriveImage XML commercially, you need to purchase the Commercial Edition. The Commercial Edition is available with 5, 10, 20, 50 and 100-user licenses. The first screen of the Commercial Edition can be customized to show your name, address, support numbers, etc. The buyer of the Commercial Edition is allowed to install the licensed number of copies of DriveImage XML on computers in its own organization or on customers' computers.

Disk image tools update#
Support is provided to the buyer of the Commercial Edition for a period of one year and for the number of support incidents specified at the time of purchase. You are entitled to free updates for one year from the time of purchase.

Disk image tools archive#
Authors: Diana Lopera, Joshua Deacon, and Fahim Abbasi

This year we observed a notable uptick in disk image files (such as .ISO) being used as containers for serving malware via email, with .ISO archives accounting for 6% of all malware attachment archives seen this year.

A disk image is a software copy of a physical disk. It saves the entire contents of the disk, including the file structure and all files and folders, in a single file, and thus often serves as a full backup. Disk image formats include ISO, IMG, VHD, VDI, VMDK and DAA, among others. In this blog we present two recent malspam campaigns that use disk image formats to deliver malware, both through phishing links and as attachments.

Figure 1: Attack flow. Disk images such as ISO or DAA files are sent as an email attachment, or hosted at a site pointed to by a link in an email, to infect victims with RATs.

The first campaign was a fake FedEx shipment email targeting some of our European customers. The message tricked victims into clicking a link that downloaded an ISO archive containing a single executable: the Nanocore RAT.

An ISO file (often called an ISO image) is a well-known archive format for optical discs such as CD/DVD. ISOs are often used for backing up optical discs or for distributing large file sets. Malware authors have started abusing them by re-purposing them to deliver malware. Recent versions of Microsoft Windows 10 and Windows 8 can mount .ISO disc image files natively when they are opened (double-clicking the ISO exposes its contents as a new drive letter, with no third-party software involved), which makes them a hot commodity for scammers: the mail gateway sees an archive container, and the user sees what looks like a folder with a document in it.

Figure 2: Screenshot of the email message as displayed to a victim

The email was drafted in French, hence targeting French speakers. The lure was short and precise: it claimed a FedEx parcel could not be delivered due to an incorrect address, and directed the victim to download the attached document from FedEx to update their address.

Figure 3: Google Translate used to translate the message to English

Clicking the link (hxxp://madridbgcom/FedEx,pdf.iso) downloaded an ISO archive called "FedEx,pdf.iso". The ISO archive had a relatively low detection rate on VirusTotal (18/70). The ISO contains a single binary executable called "fedex,pdf.exe", disguised with a PDF icon as shown in Figure 4. Note that the name uses a comma rather than a dot before "pdf", so its only real extension is ".exe"; with known extensions hidden (the Windows Explorer default) the file shows up as "fedex,pdf" next to a PDF icon.

Figure 4: Executable inside the ISO using a fake PDF logo and PDF extension
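As an added example (not code from the blog post or its authors), the following Python script does the triage a mail gateway or an analyst would want for an ISO lure like the one above: it parses the primary volume descriptor and root directory of an ISO 9660 image using only the standard library, reads the first bytes of each file, and flags PE executables (MZ header) whose names imitate a document the way "fedex,pdf.exe" does. The image built by `build_sample_iso()` is constructed for the demonstration and is not the campaign's ISO; the helper names, the extension lists and the `suspicious` verdict rule are this example's own choices. It reads only the primary descriptor and the root directory (no Joliet names, no Rock Ridge, no subdirectories), which covers single-file lures but would miss a payload placed in a subfolder, and a real image's ISO 9660 names may be the upper-cased 8.3 forms while the attacker-chosen name lives only in the Joliet tree.

```python
"""ISO 9660 root-directory triage for mail-borne disk images (added example)."""
import struct

SECTOR = 2048
PVD_LBA = 16                     # ISO 9660: volume descriptors start at sector 16
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "dll"}


def _records(image, lba, length):
    """Yield (name, extent_lba, size, is_dir) for each directory record."""
    base, pos = lba * SECTOR, 0
    while pos < length:
        rec_len = image[base + pos]
        if rec_len == 0:                       # records never straddle a sector: skip the padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = image[base + pos: base + pos + rec_len]
        extent = struct.unpack_from("<I", rec, 2)[0]   # little-endian half of the both-endian field
        size = struct.unpack_from("<I", rec, 10)[0]
        name = rec[33:33 + rec[32]].decode("ascii", "replace")
        yield name, extent, size, bool(rec[25] & 0x02)
        pos += rec_len


def list_root(image):
    """Files in the root directory, with whether each starts with the PE 'MZ' magic."""
    pvd = image[PVD_LBA * SECTOR:(PVD_LBA + 1) * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image (no primary volume descriptor)")
    root = pvd[156:190]                        # the root directory record lives inside the PVD
    root_lba = struct.unpack_from("<I", root, 2)[0]
    root_len = struct.unpack_from("<I", root, 10)[0]
    files = []
    for name, extent, size, is_dir in _records(image, root_lba, root_len):
        if is_dir or name in ("\x00", "\x01"):  # '.' and '..' entries
            continue
        head = bytes(image[extent * SECTOR:extent * SECTOR + 2])
        files.append({"name": name.split(";")[0], "size": size, "is_pe": head == b"MZ"})
    return files


def deceptive_name(name):
    """True when a document-type token sits before a real executable extension."""
    parts = name.lower().replace(",", ".").replace("_", ".").split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and any(p in DOC_EXTS for p in parts[1:-1])


def triage(image):
    """Return the file list, per-file findings and an overall verdict (example rule)."""
    files = list_root(image)
    findings = []
    for f in files:
        reasons = []
        if f["is_pe"]:
            reasons.append("PE executable")
        if deceptive_name(f["name"]):
            reasons.append("document-looking name with executable extension")
        if reasons:
            findings.append((f["name"], reasons))
    suspicious = bool(findings) or (bool(files) and all(f["is_pe"] for f in files))
    return {"files": files, "findings": findings, "suspicious": suspicious}


# --- constructed sample image (not the campaign artifact) ---------------------
def _both(value, width):
    """ISO 9660 'both-byte-order' field: little-endian copy followed by big-endian copy."""
    fmt = "I" if width == 4 else "H"
    return struct.pack("<" + fmt, value) + struct.pack(">" + fmt, value)


def _dir_record(name, extent, size, is_dir):
    rec = bytearray(33)
    rec[2:10], rec[10:18] = _both(extent, 4), _both(size, 4)
    rec[25] = 0x02 if is_dir else 0x00
    rec[28:32] = _both(1, 2)                   # volume sequence number
    rec[32] = len(name)
    rec += name
    if len(rec) % 2:                           # records are padded to an even length
        rec += b"\x00"
    rec[0] = len(rec)
    return bytes(rec)


def build_sample_iso(filename=b"fedex,pdf.exe;1", payload=b"MZ" + b"\x90" * 62):
    """One-file image: sectors 0-15 system area, 16 PVD, 17 terminator, 18 root dir, 19 data."""
    root_lba, file_lba = 18, 19
    root = (_dir_record(b"\x00", root_lba, SECTOR, True)
            + _dir_record(b"\x01", root_lba, SECTOR, True)
            + _dir_record(filename, file_lba, len(payload), False)).ljust(SECTOR, b"\x00")
    pvd, term = bytearray(SECTOR), bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root + payload.ljust(SECTOR, b"\x00")


if __name__ == "__main__":
    for name, reasons in triage(build_sample_iso())["findings"]:
        print(f"{name}: {', '.join(reasons)}")
```

Run it against a real file with `triage(open("sample.iso", "rb").read())`. The "all files are PE" rule in `triage` exists because an image whose only content is an executable has no legitimate reason to arrive by email, regardless of how the file is named; the name check catches the "document,pdf.exe" and "document.pdf.exe" patterns, but is no substitute for reading the file header, since an icon and a name are both attacker-controlled.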
