MS warns of ..WSF file worm

Microsoft has pulled apart a current malware campaign, and is warning against e-mails with a double-dotted script file attached.

The Nemucod malware isn't new, but what Redmond discusses in this TechNet post is a wrinkle designed to trap unwary eyes: a Windows Script File (.wsf) attachment with an extra dot in the file extension – ..wsf instead of .wsf. [See! The headline isn't a tyop - Ed]

Describing it as “social engineering for unsuspecting eyes”, Microsoft's post says the attack arrives as a .zip file, and the file list (containing the payload) pops up when the attachment is opened in an archive viewer. Microsoft says the double-dotting is probably meant to make someone think it is just a long filename that's been truncated by the system.
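A mail filter can flag the naming trick before anyone opens the archive. The sketch below is an added example, not code from Microsoft's post: it lists the members of a .zip and marks script files whose extension is preceded by more than one dot. The extension set beyond .wsf and the sample file names are assumptions constructed for the demonstration.

```python
import io
import re
import zipfile

# Script types Windows will execute on double-click. Only .wsf is named in
# the article; the rest of this set is an assumption added for the example.
SCRIPT_EXTS = ("wsf", "wsh", "js", "jse", "vbs", "vbe", "hta")

# Two or more dots (optionally separated by spaces) right before the extension.
DOUBLE_DOT = re.compile(r"\.[\s.]*\.(%s)$" % "|".join(SCRIPT_EXTS), re.IGNORECASE)
SINGLE_DOT = re.compile(r"\.(%s)$" % "|".join(SCRIPT_EXTS), re.IGNORECASE)


def classify(name):
    """Return 'double-dot-script', 'script' or None for one archive member name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if DOUBLE_DOT.search(base):
        return "double-dot-script"
    if SINGLE_DOT.search(base):
        return "script"
    return None


def scan_zip(data):
    """List (member, verdict) for every flagged member of a zip given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            verdict = classify(info.filename)
            if verdict:
                findings.append((info.filename, verdict))
    return findings


def build_sample():
    """Constructed sample archive: harmless text stored under test names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("invoice_2017..wsf", "docs/readme.txt", "report.v1.2.pdf",
                     "scan. .WSF", "helper.js"):
            zf.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample()):
        print(f"{verdict:18} {member}")
```

Ordinary multi-dot names such as report.v1.2.pdf are not flagged, and a plain single-dot script is reported separately so policy can treat the two cases differently.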

As in past Nemucod campaigns, the payload is designed to install either the Locky or Cerber ransomware. Up-to-date malware protection should be blocking the attack, Microsoft's post states. ®

