Fileless PowerShell malware uses DNS as covert communication channel
Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored.
The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign.
When opened, the file masquerades as a “protected document” secured by McAfee, an antivirus brand now owned by Intel Security. The user is asked to click the “Enable Content” button to view the document’s content, but doing so actually executes a malicious script embedded in the document.