Educause Security Discussion mailing list archives
Spam with malicious document attachments
From: "Lambert, Tony M" <Tony.Lambert () VOLSTATE EDU>
Date: Tue, 23 Feb 2016 20:10:26 +0000
Hi folks, My institution has seen a sharp uptick of SPAM campaigns in the last three months with the intent to infect systems through MS Office document macros. In our case, we've seen many fake invoice documents with malicious macros triggering <5 alerts on VirusTotal.com. These attempts have been consistent with the infection vectors for Dridex and Locky malware variants. How have other institutions tried mitigating this threat? Thus far we've looked at the following: * Make MS Office Protected View enabled through GPO * AppLocker configurations to limit execution of binaries from user security context Thanks, --Tony Tony M Lambert Jr. Systems Administrator, Information Technology Volunteer State Community College X4832, tony.lambert () volstate edu<mailto:tony.lambert () volstate edu>
Current thread:
- Spam with malicious document attachments Lambert, Tony M (Feb 23)
- Re: Spam with malicious document attachments Alex Keller (Feb 23)
- Re: Spam with malicious document attachments Lambert, Tony M (Feb 24)
- Re: Spam with malicious document attachments Alex Keller (Feb 23)