Latest Malware, FormBook, Targeting Major Organizations
FormBook, a new malware variant, has been targeting aerospace firms, U.S. defense contractors and manufacturing organizations in the U.S. and South Korea. The malware is delivered as an executable inside a malicious attachment sent in phishing campaigns. The type of email attachment varies with the country being targeted. For South Korean targets, ThreatPost reports that the attachments are ZIP, RAR, ISO and ACE archives. The U.S. campaigns carry malicious attachments disguised as DOC, XLS and PDF files.
FormBook is data-stealing malware. Once on the infected device, it can log keystrokes, steal clipboard data, and take additional commands sent through the command and control server. Those additional commands may include stealing passwords, shutting down and restarting the device, starting various processes, and downloading additional files.
Fortunately, an application whitelisting solution would block FormBook. If a user were to click on the malicious link, the executable would not be able to run because it is not a trusted file. Perhaps it is time these organizations begin looking for a security solution that includes application whitelisting to meet their cyber security needs.