Cybercriminals are fond of celebration dates like Thanksgiving Day, but not for the same reason upstanding people are. For the perpetrators, it is a favorite time to attack. Why? Because on such days people are attuned to pleasant thoughts and feelings, and that makes them more vulnerable. When they see a greeting in their inbox, they feel gratitude and curiosity (who sent it?) and open the attached file without thinking about the potential danger.
On the eve of this Thanksgiving, Comodo specialists intercepted a cunning attack aimed at propagating one of the most nefarious pieces of malware currently active: the Emotet trojan, commonly used to steal banking credentials and other private information.
Usually this malware spreads as a finance-related email, such as a message from a bank. Here is an example of such an email intercepted by Comodo.
As you can see, the attackers used a well-prepared fake able to deceive even a security-aware user. The link in the email leads to the URL “rozdroza.com/En_us/Clients_Messages/11_18”. If a user clicks the link, a poisoned Microsoft Office document is automatically dropped onto her machine.
But on the eve of Thanksgiving the perpetrators decided to do something special and disguise the infected file as a greeting card. Below are samples of the phishing emails used in the new attack.
As you can see, these emails are also carefully crafted to look plausible. Their content varies, but in every case it is built to inspire pleasant, warm emotions in the victim. Whether a hearty greeting, admiration for a colleague or even a piece of poetry, it puts the victim in a good mood and thereby weakens their vigilance.
The quotations from famous people at the bottom of the messages are also used to inspire trust, raising the chances that the victim will open the document and let the enemy into the house. In reality, the “greeting card” is a Word document whose macro downloads Emotet.
Let’s look at the whole kill chain of this cunning malware.
The infected file contains an embedded macro. When a user opens the “greeting card”, the macro downloads Emotet onto the victim’s machine.
First, the user is instructed to enable macro content, since the document contains a VBA stream designed to download and execute the malware.
If the user allows the active content to run, the code calls cmd.exe with crafted parameters, which in turn calls cmd.exe again with obfuscated parameters that finally pass a script to powershell.exe designed to download and run binaries from the internet.
The obfuscated parameters used to launch cmd.exe are stored in a form textbox that is resized so the victim does not notice it.
The script then probes five locations to download Emotet: anora71.uz/aH3i9EM, egyptmotours.com/EfRRkqPucD, friskyeliquid.com/xspcYyA63, m3produtora.com/QOlBVnrL40 and litsey4.ru/V5XLXxDubY.
It downloads the malware to the user’s Temporary folder and executes it. Emotet then moves itself to C:\Windows\SysWOW64\cachingplain.exe and creates a service so that it runs at system startup.
The newly created service connects to the C&C server to announce its availability and receive commands.
From this moment the infected machine is under the attackers’ full control. They can extract the user’s credentials, banking details and other private information from the PC, and continue the attack by downloading other types of malware.
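The chain described above (Office document, macro, cmd.exe calling cmd.exe, a PowerShell download cradle, a payload run from the Temp folder, then service persistence) is the kind of sequence endpoint telemetry can catch even when the download URLs and file names change between campaigns. Below is an added example, not Comodo's code and not part of the original article, of detection logic run over constructed Sysmon-style process-creation and registry events. The event shapes, pids, command lines and the file name 327.exe are assumptions made for illustration; the Temp-folder drop and the C:\Windows\SysWOW64\cachingplain.exe service path come from the description above.

```python
"""Detect an Office -> cmd.exe -> cmd.exe -> powershell.exe download chain and its follow-on
persistence, over constructed Sysmon-style events (example code, not Comodo's tooling)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class ProcEvent:
    """Process-creation event (Sysmon event 1 shape, assumed): pid, parent pid, image, command line."""
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass
class RegEvent:
    """Registry value-set event (Sysmon event 13 shape, assumed) attributed to a process."""
    pid: int
    key: str
    value: str


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
TEMP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
# Indicators of a PowerShell download-and-execute cradle or a hidden/encoded launch.
CRADLE_RE = re.compile(
    r"downloadfile|downloadstring|net\.webclient|invoke-webrequest|\biex\b|invoke-expression"
    r"|\s-(e|ec|enc|encodedcommand)\s|\s-w(indowstyle)?\s+hidden",
    re.IGNORECASE)
# Caret insertion ("p^o^w^e^r") and %VAR:~n,m% substring tricks used to obfuscate cmd.exe parameters.
CMD_OBFUSCATION_RE = re.compile(r"\^[a-z]\^[a-z]|%[A-Za-z_]+:~\d+,\d+%")
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(ev: ProcEvent, by_pid: Dict[int, ProcEvent], max_depth: int = 8) -> List[ProcEvent]:
    """Return [ev, parent, grandparent, ...] as far as the recorded events allow."""
    chain = [ev]
    while chain[-1].ppid in by_pid and len(chain) < max_depth:
        chain.append(by_pid[chain[-1].ppid])
    return chain


def detect(proc_events: List[ProcEvent], reg_events: Iterable[RegEvent] = ()) -> List[dict]:
    by_pid = {e.pid: e for e in proc_events}
    findings: List[dict] = []
    suspicious_pids = set()
    for ev in proc_events:
        chain = ancestry(ev, by_pid)
        names = [basename(c.image) for c in chain]          # child first
        # Rule 1: powershell.exe with an Office ancestor, cmd.exe in between, and a cradle or
        # cmd.exe obfuscation somewhere in the chain. URLs and hashes are deliberately not used.
        if (names[0] == "powershell.exe" and "cmd.exe" in names[1:] and OFFICE_APPS & set(names[1:])
                and (CRADLE_RE.search(ev.cmdline) or any(CMD_OBFUSCATION_RE.search(c.cmdline) for c in chain))):
            findings.append({"rule": "office_cmd_powershell_cradle", "pid": ev.pid, "chain": names[::-1]})
            suspicious_pids.add(ev.pid)
        # Rule 2: a binary executed from a Temp directory with powershell.exe as its parent (the dropped payload).
        if TEMP_DIR_RE.search(ev.image) and ev.ppid in by_pid and basename(by_pid[ev.ppid].image) == "powershell.exe":
            findings.append({"rule": "temp_payload_from_powershell", "pid": ev.pid, "image": ev.image})
            suspicious_pids.add(ev.pid)
    # Rule 3: a flagged process, or any process running from Temp, writes a service ImagePath (persistence).
    for r in reg_events:
        src = by_pid.get(r.pid)
        if src and SERVICE_IMAGEPATH_RE.match(r.key) and (r.pid in suspicious_pids or TEMP_DIR_RE.search(src.image)):
            findings.append({"rule": "service_persistence_from_payload", "pid": r.pid, "image_path": r.value})
    return findings


# Constructed sample telemetry: one malicious chain plus benign activity sharing some of its pieces.
SAMPLE_PROCS = [
    ProcEvent(900, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(1000, 900, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\Thanksgiving_Card.doc"'),
    ProcEvent(1010, 1000, r"C:\Windows\System32\cmd.exe",
              r'cmd /V/C"set p=p^o^w^e^r^s^h^e^l^l&&cmd /c !p! -w hidden -e SQBFAFgA..."'),
    ProcEvent(1020, 1010, r"C:\Windows\System32\cmd.exe", r"cmd /c powershell -w hidden -e SQBFAFgA..."),
    ProcEvent(1030, 1020, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell -w hidden -e SQBFAFgA..."),
    ProcEvent(1040, 1030, r"C:\Users\alice\AppData\Local\Temp\327.exe", r"C:\Users\alice\AppData\Local\Temp\327.exe"),
    ProcEvent(2000, 900, r"C:\Windows\System32\cmd.exe", "cmd /c dir"),
    ProcEvent(2010, 2000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell -NoProfile -File C:\scripts\backup.ps1"),
]
SAMPLE_REGS = [
    RegEvent(1040, r"HKLM\SYSTEM\CurrentControlSet\Services\cachingplain\ImagePath", r"C:\Windows\SysWOW64\cachingplain.exe"),
    RegEvent(3000, r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\ImagePath", r"C:\Windows\System32\spoolsv.exe"),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_PROCS, SAMPLE_REGS):
        print(f)
```

Rule 1 keys on the parent chain and on launch obfuscation rather than on the five download hosts, so it keeps firing when the operators rotate infrastructure; the benign cmd.exe and powershell.exe pair in the sample is not flagged because it has no Office ancestor. Rule 3 only fires when the writer of the service ImagePath is already suspicious or runs from Temp, which keeps ordinary installers and the Spooler entry out of the alerts.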
“The attack is a complicated poisoned merge of refined, well-disguised malware and psychological manipulation tricks,” says Fatih Orhan, Head of Comodo Threat Research Labs. “It’s not only dangerous and destructive from the technical point of view but especially cynical and immoral because it exploits people’s bright feelings on a grand holiday. It’s always bad to be robbed, but it’s much worse to be robbed on such a great holiday and to be aware that the perpetrators used your own bright feelings against you. I’m really glad we protected our customers from these painful consequences and didn’t let the perpetrators spoil the celebration of such a grand day.”
The heatmap and details of the attack
The attack started on November 19, 2018 at 18:34:12 and was still ongoing at the time of writing. It was conducted from 26 IPs in 10 countries. 108 phishing emails have been discovered so far, and the attack is expected to peak on Thanksgiving Day.
The countries involved in the attack and number of emails sent per country
Live secure with Comodo!
Tags: Cybercriminals,cybersecurity,Thanksgiving Day,Thanksgiving Day 2018,thanksgivingday wishes